CVE-2014-8878

NameCVE-2014-8878
DescriptionKDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs791800

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kdepim (PTS)jessie4:4.14.1-1+deb8u1vulnerable
jessie (security)4:4.14.1-1+deb8u2vulnerable
stretch4:16.04.3-4~deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kdepimsource(unstable)4:4.14.5-1medium791800
kdepimsourcesqueeze(not affected)

Notes

[jessie] - kdepim <no-dsa> (Minor issue)
[wheezy] - kdepim <no-dsa> (Minor issue)
[squeeze] - kdepim <not-affected> (Bogus condition not present)
https://bugs.kde.org/show_bug.cgi?id=340312
http://www.openwall.com/lists/oss-security/2015/07/15/5

Search for package or bug name: Reporting problems