|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
|Package||Type||Release||Fixed Version||Urgency||Origin||Debian Bugs|
- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241)
Would by fixed by: https://github.com/KDE/messagelib/commit/f601f9ffb706f7d3a5893b04f067a1f75da62c99
and building with Qt 5.7.0.
Following patches partly sanitize mails but still make it possible to inject code:
The issue is mitigated with the fixes applied for CVE-2016-7966, and a
user protected from this CVE by only viewing plain text mails.