All errata/sisyphus/ALT-PU-2020-2597-1
ALT-PU-2020-2597-1

Package update kde5-kmail in branch sisyphus

Version20.04.3-alt1
Task#255329
Published2020-08-16
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2020-15954
MEDIUM6.5

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.

Published: 2020-07-27Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References
CVE-2021-38373
MEDIUM5.3

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

Published: 2021-08-10Modified: 2024-11-21
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
References