DescriptionKDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs791800

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kdepim (PTS)jessie4:4.14.1-1+deb8u1vulnerable
jessie (security)4:4.14.1-1+deb8u2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kdepimsourcesqueeze(not affected)


[jessie] - kdepim <no-dsa> (Minor issue)
[wheezy] - kdepim <no-dsa> (Minor issue)
[squeeze] - kdepim <not-affected> (Bogus condition not present)

Search for package or bug name: Reporting problems