Package kde5-kmail updated to version 20.04.3-alt1 for branch sisyphus in task 255329.

Published: 2020-07-27
Modified: 2024-11-21

CVE-2020-15954

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

https://bugs.kde.org/show_bug.cgi?id=423426
https://bugs.kde.org/show_bug.cgi?id=423426
[debian-lts-announce] 20200730 [SECURITY] [DLA 2300-1] kdepim-runtime security update
[debian-lts-announce] 20200730 [SECURITY] [DLA 2300-1] kdepim-runtime security update

Published: 2021-08-10
Modified: 2024-11-21

CVE-2021-38373

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

https://bugs.kde.org/show_bug.cgi?id=423423
https://bugs.kde.org/show_bug.cgi?id=423423
https://nostarttls.secvuln.info
https://nostarttls.secvuln.info

Version: 2.1.0

Package kde5-kmail update in sisyphus on 2020-08-16

ALT-PU-2020-2597-1

Closed vulnerabilities

CVE-2020-15954

CVE-2021-38373