https://bugs.kde.org/show_bug.cgi?id=326063

            Bug ID: 326063
           Summary: [Security?] KMail invoked from KToolInvocation with an
                    encrypted text will decrypt the text
    Classification: Unclassified
           Product: kmail2
           Version: 4.11.2
          Platform: openSUSE RPMs
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: composer
          Assignee: kdepim-bugs@kde.org
          Reporter: k...@opensource.sf-tec.de

The invocation is like this:

KToolInvocation::invokeMailer(email, QString(), QString(), subject, text);

text is in this case is a PGP encrypted message, (also) encrypted to my own
private key. When the KMail window shows up the _decrypted_ text is show, i.e.
KMail will itself decrypt the text. If the message is only encrypted to someone
else the message is kept as KMail can't decrypt it.

If the text is expected to be sent encrypted and the user isn't very careful
the text may accidentially be sent unencrypted.

Reproducible: Always

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Kdepim-bugs mailing list
Kdepim-bugs@kde.org
https://mail.kde.org/mailman/listinfo/kdepim-bugs

Reply via email to