group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1698180] Re: Send Later with Delay bypasses OpenPGP

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Simon Quigley <tsimonq2@xxxxxxxxxx>
Date: Sat, 12 Aug 2017 18:40:23 -0000
Reply-to: Bug 1698180 <1698180@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9604

** Also affects: kmail (Ubuntu)
   Importance: Undecided
       Status: New

** Summary changed:

- Send Later with Delay bypasses OpenPGP
+ [CVE] Send Later with Delay bypasses OpenPGP

** Changed in: kmail (Ubuntu)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: kmail (Ubuntu)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1698180

Title:
  [CVE] Send Later with Delay bypasses OpenPGP

Status in kdepim package in Ubuntu:
  In Progress
Status in kf5-messagelib package in Ubuntu:
  In Progress
Status in kmail package in Ubuntu:
  In Progress
Status in kdepim source package in Trusty:
  New
Status in kdepim source package in Xenial:
  New
Status in kdepim source package in Zesty:
  New
Status in kdepim source package in Artful:
  In Progress

Bug description:
  KDE Project Security Advisory
  =============================

  Title:          KMail: Send Later with Delay bypasses OpenPGP
  Risk Rating:    Medium
  CVE:            CVE-2017-9604
  Versions:       kmail, messagelib < 5.5.2
  Date:           15 June 2017

  
  Overview
  ========
  KMail’s Send Later with Delay function bypasses OpenPGP signing and
  encryption, causing the message to be sent unsigned and in plain-text.

  Solution
  ========
  Update to kmail, messagelib >= 5.5.2 (Released as part of KDE Applications 17.04.2)

  Or apply the following patches:
       kmail: https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
  messagelib: https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197

  Credits
  =======
  Thanks to Daniel Aleksandersen for the report and to Laurent Montel for the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1698180/+subscriptions