*** This bug is a security vulnerability *** Public security bug reported:
KDE Project Security Advisory ============================= Title: KMail: Send Later with Delay bypasses OpenPGP Risk Rating: Medium CVE: CVE-2017-9604 Versions: kmail, messagelib < 5.5.2 Date: 15 June 2017 Overview ======== KMail’s Send Later with Delay function bypasses OpenPGP signing and encryption, causing the message to be sent unsigned and in plain-text. Solution ======== Update to kmail, messagelib >= 5.5.2 (Released as part of KDE Applications 17.04.2) Or apply the following patches: kmail: https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8 messagelib: https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197 Credits ======= Thanks to Daniel Aleksandersen for the report and to Laurent Montel for the fix. ** Affects: kdepim (Ubuntu) Importance: Undecided Status: New ** Affects: kmail (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** Also affects: kmail (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdepim in Ubuntu. https://bugs.launchpad.net/bugs/1698180 Title: Send Later with Delay bypasses OpenPGP To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1698180/+subscriptions -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs