
Bug#305601: marked as done (CAN-2005-0404: serious content spoofing vulnerability)



Your message dated Sun, 21 Feb 2010 15:27:30 +0100
with message-id <201002211527.30144.ewoerner@kde.org>
and subject line Re: CAN-2005-0404: serious content spoofing vulnerability
has caused the Debian Bug report #305601,
regarding CAN-2005-0404: serious content spoofing vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
305601: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305601
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: kmail
Severity: grave
Justification: user security hole

For more information see:
http://www.securityfocus.com/bid/13085

In summary:
> A remote email message content spoofing vulnerability affects KDE
> KMail.  This issue is due to a failure of the application to properly
> sanitize HTML email messages.
> An attacker may leverage this issue to spoof email content and various
> header fields of email messages.  This may aid an attacker in
> conducting phishing and social engineering attacks by spoofing PGP
> keys as well as other critical information.

Securityfocus lists 3.3.2 as vulnerable, which is currently in Sarge and
Sid. No idea if it would affect 2.2.2 which is in Woody.

See KDE bug 96020.

Workaround is to disable HTML email.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)


--- End Message ---
--- Begin Message ---
Version: 4:4.2.2-1

The bug you reported has been fixed in KDE SC 4.2.2


--- End Message ---
