[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#305601: marked as done (CAN-2005-0404: serious content spoofing vulnerability)

Your message dated Sun, 21 Feb 2010 15:27:30 +0100
with message-id <201002211527.30144.ewoerner@kde.org>
and subject line Re: CAN-2005-0404: serious content spoofing vulnerability
has caused the Debian Bug report #305601,
regarding CAN-2005-0404: serious content spoofing vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

305601: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305601
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: kmail
Severity: grave
Justification: user security hole

For more information see:

In summary:
> A remote email message content spoofing vulnerability affects KDE
> KMail.  This issue is due to a failure of the application to properly
> sanitize HTML email messages.
> An attacker may leverage this issue to spoof email content and various
> header fields of email messages.  This may aid an attacker in
> conducting phishing and social engineering attacks by spoofing PGP
> keys as well as other critical information.

securityfocus list 3.3.2 as vulnerable, which is currently in Sarge and
Sid. No idea if it would affect 2.2.2 which is in Woody.

See KDE bug 96020.

Work around is to disable HTML email.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

--- End Message ---
--- Begin Message ---
Version: 4:4.2.2-1

The bug you reported has been fixed in KDE SC 4.2.2

--- End Message ---

Reply to: