CAN-2005-0404: information leak in kmail
Please make sure a correction to this makes it into sarge.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0404

Reference: MLIST:[kmail-devel] 20050215 [Bug 96020] HTML Allows Spoofing of Emails Content
Reference: URL:http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html
Reference: MISC:http://bugs.kde.org/show_bug.cgi?id=96020
Reference: MISC:http://www.securiteam.com/unixfocus/5GP0B0AFFE.html
Reference: URL:http://secunia.com/advisories/14925

Regards,

Joey

--
Those who don't understand Unix are condemned to reinvent it, poorly.

Please always Cc to me when replying to me on the lists.

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#304550: kmail: Signatures made by Apple Mail shown as bad when Mutt and Thunderbird show them as good
Package: kmail
Version: 4:3.3.2-3
Severity: normal

When viewing the same message in multiple email clients using IMAP, only KMail shows a bad signature for messages signed using Apple Mail (signed as PGP/MIME).

Headers from affected emails:

X-Pgp-Agent: GPGMail 1.0.2
X-Mailer: Apple Mail (2.619.2)

--Apple-Mail-2--786455545
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed

--Apple-Mail-2--786455545
content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

Strangely, very short messages (one or two lines) DO show as a good signature, anything more than a sentence or two comes up as bad, but only on KMail.

This is from two separate people, both using Apple Mail. Others receiving the same message in Thunderbird and other clients also report that the signatures are all good.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.25-1-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages kmail depends on:
ii  kdelibs4            4:3.3.2-4.0.2        KDE core libraries
ii  libc6               2.3.2.ds1-20         GNU C Library: Shared libraries an
ii  libgcc1             1:3.4.3-12           GCC support library
ii  libice6             4.3.0.dfsg.1-12.0.1  Inter-Client Exchange library
ii  libkcal2a           4:3.3.2-3            KDE calendaring library
ii  libkdenetwork2      4:3.3.2-3            KDE Network library
ii  libkdepim1          4:3.3.2-3            KDE PIM library
ii  libkleopatra0a      4:3.3.2-3            KDE GnuPG interface libraries
ii  libkpimidentities1  4:3.3.2-3            KDE PIM user identity information
ii  libksieve0          4:3.3.2-3            KDE mail/news message filtering li
ii  libmimelib1a        4:3.3.2-3            KDE mime library
ii  libpng12-0          1.2.8rel-1           PNG library - runtime
ii  libqt3c102-mt       3:3.3.4-2            Qt GUI Library (Threaded runtime v
ii  libsm6              4.3.0.dfsg.1-12.0.1  X Window System Session Management
ii  libstdc++5          1:3.3.5-12           The GNU Standard C++ Library v3
ii  libx11-6            4.3.0.dfsg.1-12.0.1  X Window System protocol client li
ii  libxext6            4.3.0.dfsg.1-12.0.1  X Window System miscellaneous exte
ii  perl                5.8.4-8              Larry Wall's Practical Extraction
ii  xlibs               4.3.0.dfsg.1-12      X Keyboard Extension (XKB) configu
ii  zlib1g              1:1.2.2-4            compression library - runtime

-- no debconf information

Bug#304465: kdelibs4: Invalid calculation of PCX image properties possibly permits arbitrary code execution
Package: kdelibs4
Severity: grave
Tags: security
Justification: user security hole

Invalid range checking in PCX header parsing possibly permits execution of arbitrary code. Please see http://bugs.kde.org/show_bug.cgi?id=102328 for a full description, a crafted test image and a patch from Waldo Bastian (so there's probably a pending KDE security advisory).

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Bug#252412: kopete: Reproduced with more details
Package: kopete
Version: 4:3.3.2-2
Followup-For: Bug #252412

I managed to reproduce this bug. I noticed the following behavior:

Copy with control-C or menu selection can paste fine into emacs/xterm.
Copy with control-C and paste into Kopete with control-V doesn't work properly.
Copy with menu selection and paste either way works in Kopete.
Copy with emacs/xterm doesn't work into kopete, or konqueror... probably an x-server clipboard vs. klipper issue.

Most interesting effect is that if I copy out of the Kopete chat window with control-C, I can't paste back into Kopete or Konqueror, but I CAN paste accurately into emacs/xterm. As mentioned, vice versa doesn't work at all. Still probably a x-clipboard vs. klipper issue.

That's about the sum of what I was able to observe.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages kopete depends on:
ii  kdelibs4       4:3.3.2-4.0.2        KDE core libraries
ii  libart-2.0-2   2.3.17-1             Library of functions for 2D graphi
ii  libc6          2.3.2.ds1-20         GNU C Library: Shared libraries an
ii  libfam0c102    2.7.0-6              client library to control the FAM
ii  libgcc1        1:3.4.3-12           GCC support library
ii  libice6        4.3.0.dfsg.1-12.0.1  Inter-Client Exchange library
ii  libidn11       0.5.13-1.0           GNU libidn library, implementation
ii  libjpeg62      6b-10                The Independent JPEG Group's JPEG
ii  libpcre3       5.0-1                Perl 5 Compatible Regular Expressi
ii  libpng12-0     1.2.8rel-1           PNG library - runtime
ii  libqt3c102-mt  3:3.3.3-8            Qt GUI Library (Threaded runtime v
ii  libsm6         4.3.0.dfsg.1-12.0.1  X Window System Session Management
ii  libssl0.9.7    0.9.7e-3             SSL shared libraries
ii  libstdc++5     1:3.3.5-12           The GNU Standard C++ Library v3
ii  libx11-6       4.3.0.dfsg.1-12.0.1  X Window System protocol client li
ii  libxext6       4.3.0.dfsg.1-12.0.1  X Window System miscellaneous exte
ii  libxml2        2.6.16-6             GNOME XML library
ii  libxrender1    0.8.3-7              X Rendering Extension client libra
ii  libxslt1.1     1.1.12-6             XSLT processing library - runtime
ii  xlibs          4.3.0.dfsg.1-12      X Keyboard Extension (XKB) configu
ii  zlib1g         1:1.2.2-4            compression library - runtime

-- no debconf information