Bug 683034 (CVE-2019-10732) - <kde-apps/kmail-19.04.2: decryption based on replying to PGP or S/MIME encrypted emails
Alias: CVE-2019-10732
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on: kde-apps-19.04.3
Reported: 2019-04-10 15:19 UTC by Agostino Sarubbo
Modified: 2019-08-15 21:05 UTC
Description Agostino Sarubbo gentoo-dev 2019-04-10 15:19:08 UTC
From ${URL} :

In KDE KMail 5.10.3, an attacker in possession of S/MIME or PGP encrypted emails
can wrap them as sub-parts within a crafted multipart email. The encrypted
part(s) can further be hidden using HTML/CSS or ASCII newline characters. This
modified multipart email can be re-sent by the attacker to the intended
receiver. If the receiver replies to this (benign looking) email, they
unknowingly leak the plaintext of the encrypted message part(s) back to the


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
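
Added example, not part of the original bug report or of KMail's fix: a defensive heuristic that walks a message's MIME tree and reports encrypted parts sitting below the root, which is the wrapping structure the description above refers to. The function names and the sample messages are constructed for illustration.

```python
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"
SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def is_encrypted(part: Message) -> bool:
    """True if this MIME part is a PGP/MIME, S/MIME or inline-PGP container."""
    ctype = part.get_content_type()
    if ctype == "multipart/encrypted":
        return True
    if ctype in SMIME_TYPES:
        # Signed-only and certs-only S/MIME bodies carry no ciphertext.
        kind = str(part.get_param("smime-type", "enveloped-data")).lower()
        return kind not in ("signed-data", "certs-only")
    if ctype.startswith("text/"):
        return PGP_ARMOR in (part.get_payload(decode=True) or b"")
    return False

def nested_encrypted_parts(msg: Message) -> list:
    """Return (depth, content_type) for every encrypted part below the root."""
    hits = []
    def walk(part: Message, depth: int) -> None:
        if is_encrypted(part):
            if depth > 0:          # encrypted, but not the message itself
                hits.append((depth, part.get_content_type()))
            return                 # never descend into the ciphertext container
        if part.is_multipart():    # also true for message/rfc822 wrappers
            for child in part.get_payload():
                walk(child, depth + 1)
    walk(msg, 0)
    return hits

# Constructed sample input: structure only, the "ciphertext" is a placeholder.
def sample_pgp_mime() -> Message:
    enc = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    enc.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted"))
    enc.attach(MIMEApplication(b"PLACEHOLDER-NOT-CIPHERTEXT", "octet-stream"))
    return enc

def sample_wrapped() -> Message:
    outer = MIMEMultipart("mixed")
    outer.attach(MIMEText("Visible, benign-looking text.", "plain"))
    outer.attach(sample_pgp_mime())
    return outer

if __name__ == "__main__":
    print("ordinary:", nested_encrypted_parts(sample_pgp_mime()))
    print("wrapped: ", nested_encrypted_parts(sample_wrapped()))
```

Legitimately forwarded encrypted mail (a `message/rfc822` attachment) also matches, so a hit is a signal to review the message before replying, not proof of tampering.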
Comment 1 Andreas Sturmlechner gentoo-dev 2019-07-28 08:01:55 UTC
19.04.3 was stabilised, cleanup done in 420336464e757748fd3f7b63bdb565f3529b203c
Comment 2 Andreas Sturmlechner gentoo-dev 2019-07-29 18:46:26 UTC
KDE team is done here, anyway.