Package: kmail Version: 4:4.14.10-2 Severity: normal I just saw an HTML message that style html and body interfer with the message headers (in that case, the message heraders got centered along with the rest of the message).
On first glance, this is a cosmetic issue. On second thought, it is imaginable that this can be abused to hide or inject information into the headers, thus easing phishing or scamming or even tricking the user into assuming a different sender, replying with confidential information. I am not certain that the latter will actually work; if you agree with my thoughts, please take the relevant steps to make this a security bug. -- System Information: Debian Release: stretch/sid Architecture: amd64 (x86_64) Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages kmail depends on: ii kde-runtime 4:15.08.3-1+b1 ii kdepim-runtime 4:4.14.10-2 ii kdepimlibs-kio-plugins 4:4.14.10-1 ii libakonadi-calendar4 4:4.14.10-1 ii libakonadi-contact4 4:4.14.10-1 ii libakonadi-kde4 4:4.14.10-1 ii libakonadi-kmime4 4:4.14.10-1 ii libakonadiprotocolinternals1 1.13.0-8 ii libc6 2.21-7 ii libcalendarsupport4 4:4.14.10-2 ii libfollowupreminder4 4:4.14.10-2 ii libgcc1 1:5.3.1-8 ii libgpgme++2v5 4:4.14.10-1 ii libgrantlee-core0 0.4.0-3 ii libincidenceeditorsng4 4:4.14.10-2 ii libkabc4 4:4.14.10-1 ii libkalarmcal2 4:4.14.10-1 ii libkcalcore4 4:4.14.10-1 ii libkcalutils4 4:4.14.10-1 ii libkcmutils4 4:4.14.14-1+b1 ii libkdecore5 4:4.14.14-1+b1 ii libkdepim4 4:4.14.10-2 ii libkdeui5 4:4.14.14-1+b1 ii libkio5 4:4.14.14-1+b1 ii libkleo4 4:4.14.10-2 ii libkmanagesieve4 4:4.14.10-2 ii libkmime4 4:4.14.10-1 ii libknotifyconfig4 4:4.14.14-1+b1 ii libkontactinterface4a 4:4.14.10-1 ii libkparts4 4:4.14.14-1+b1 ii libkpimidentities4 4:4.14.10-1 ii libkpimtextedit4 4:4.14.10-1 ii libkpimutils4 4:4.14.10-1 ii libkprintutils4 4:4.14.14-1+b1 ii libksieveui4 4:4.14.10-2 ii libmailcommon4 4:4.14.10-2 ii libmailimporter4 4:4.14.10-2 ii libmailtransport4 4:4.14.10-1 ii libmessagecomposer4 4:4.14.10-2 ii libmessagecore4 4:4.14.10-2 ii libmessagelist4 4:4.14.10-2 ii libmessageviewer4 4:4.14.10-2 ii libpimcommon4 4:4.14.10-2 ii libqt4-dbus 4:4.8.7+dfsg-5 ii libqt4-network 4:4.8.7+dfsg-5 ii libqt4-xml 4:4.8.7+dfsg-5 ii libqtcore4 4:4.8.7+dfsg-5 ii libqtgui4 4:4.8.7+dfsg-5 ii libqtwebkit4 2.3.4.dfsg-6 ii libsendlater4 4:4.14.10-2 ii libsolid4 4:4.14.14-1+b1 ii libstdc++6 5.3.1-8 ii libtemplateparser4 4:4.14.10-2 ii perl 5.22.1-7 Versions of packages kmail recommends: ii gnupg-agent 2.1.11-5 ii gnupg2 2.1.11-5 ii kdepim-doc 4:4.14.10-2 pn kdepim-themeditors <none> ii ktnef 4:4.14.10-2 ii pinentry-qt [pinentry-x11] 0.9.7-3 Versions of packages kmail suggests: pn clamav <none> ii kaddressbook 4:4.14.10-2 ii kleopatra 4:4.14.10-2 ii procmail 3.22-25 pn spamassassin | bogofilter | annoyance-filter | spambayes | bsf <none> -- no debconf information