[SECURITY] [DLA 4196-1] kmail-account-wizard security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4196-1] kmail-account-wizard security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Fri, 30 May 2025 23:07:03 +0000 (UTC)
Message-id: <[🔎] ec862cfa-a683-5f5b-6bd-6c41cdd15618@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4196-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
May 30, 2025                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : kmail-account-wizard
Version        : 4:20.08.3-1+deb11u1
CVE ID         : CVE-2024-50624

An issue has been found in kmail-account-wizard, a wizard for KDE PIMapplications account setup.The issues is about a man-in-the-middle-attack when using autoconf forretrieving configuration.Please also note that for configuration with autoconf.example.com, theconfig is first fetched with https and the former http is used only asfallback. For configuration via example.com/.well-known/autoconfig theconfig is now fetched only with https.



For Debian 11 bullseye, this problem has been fixed in version
4:20.08.3-1+deb11u1.

We recommend that you upgrade your kmail-account-wizard packages.

For the detailed security status of kmail-account-wizard please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/kmail-account-wizard

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmg6OhdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEflSw//TfcXLq6Oxt6NqK1VHTJ8hk5QyOkdw73xq8kZ7rW21OJG1dbqRaKbkffu
tta1VDbUI+fPKsu14CBfUGarrl11z7Pk+6vGk1SqMKSuesFGkDI687iXNGXOvaCS
WGqOiTBpWt1FRel+iWtNm+LtBofnWLOI3cETOdjEN2PVA7QjQOsYsPm00V1UDulD
thOK2+x0GxHlMExksVm98SqPaVnGlLDPbHqeXAN/ayW6TrJtGyP9SYlmhZhlhlH0
53oe3Gv2AobY95LpnYrp7wQSbRPb6uOM0VI+j+GwkbjeaK08CAtBG7Fq+qkg9jPN
T2Z2hf3xf90n3f5t+bT3AkDVxRJVWL8mi13WSZo9sYWEL0y7oXBkzNJKVt9FM++L
UiKkXnzSIyexEd45X+uuCued8Hc7UqaY/I2yFpnjpLzWKnSzIRQ2RLukLrHgE81+
miyKrPJTPaEPuUEZOCSeqTC1g1GTq9ReGSCdZz+EU4ms48/zs5ifaUkgdBuKIM5g
K7OllUZJEPZNYGVhIVgCB2oF9A2rdTj16qStDOgM1xmuifyLe+cyZGTFoHKjNF7H
SjKN6K9fXZF3eUpx3GcQ+a8T8pE8qnsry1WnhFPzBNr0NYb9voX6VLL0HUgHt7wm
f78xGjTBKYDwPSjJYoRixvyIuuQLu2tsOsxS+tgFCA6mxEKSK/0=
=iJXB
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4195-1] krb5 security update
Next by Date: [SECURITY] [DLA 4197-1] python-flask-cors security update
Previous by thread: [SECURITY] [DLA 4195-1] krb5 security update
Next by thread: [SECURITY] [DLA 4197-1] python-flask-cors security update
Index(es):
- Date
- Thread