Source: kmail
Version: 4:19.08.3-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

The following vulnerability was published for kmail, it was fixed in v19.12.3 upstream.

CVE-2020-11880[0]:
| An issue was discovered in KDE KMail before 19.12.3. By using the
| proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or
| other source of mailto links) can make KMail attach local files to a
| composed email message without showing a warning to the user, as
| demonstrated by an attach=.bash_history value.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-11880
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11880
[1] https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1

Regards,
Salvatore
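
Added example, not part of the original report and not KMail's own code: a defender-side check that finds the "attach" header field in mailto links before they reach a mail client and returns the link with that field removed. The function names and the sample links are constructed for illustration; only the field name "attach" comes from the CVE text.

```python
from urllib.parse import unquote

# Field names treated as a request to attach a local file.
# The CVE description names only "attach".
ATTACH_FIELDS = {"attach"}


def inspect_mailto(uri):
    """Return (attachments, cleaned_uri) for a mailto: URI.

    attachments: decoded values of every attach field found.
    cleaned_uri: the same URI with those fields removed, other fields untouched.
    """
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "mailto":
        raise ValueError("not a mailto URI: %r" % uri)
    address, _, query = rest.partition("?")
    kept, attachments = [], []
    for raw in filter(None, query.split("&")):
        name, _, value = raw.partition("=")
        # Header field names are case-insensitive and may be percent-encoded,
        # so normalise before comparing.
        if unquote(name).lower() in ATTACH_FIELDS:
            attachments.append(unquote(value))
        else:
            kept.append(raw)
    cleaned = "mailto:" + address + ("?" + "&".join(kept) if kept else "")
    return attachments, cleaned


def scan_links(links):
    """Map each mailto link that requests an attachment to the paths it names."""
    findings = {}
    for link in links:
        if not link.lower().startswith("mailto:"):
            continue
        attachments, _ = inspect_mailto(link)
        if attachments:
            findings[link] = attachments
    return findings


# Constructed sample links, e.g. href values extracted from a web page.
SAMPLE_LINKS = [
    "https://example.org/contact",
    "mailto:user@example.org?subject=hello",
    "mailto:user@example.org?subject=hello&attach=.bash_history",
    "mailto:user@example.org?%41TTACH=notes%2Etxt",
]

if __name__ == "__main__":
    for link, paths in scan_links(SAMPLE_LINKS).items():
        print(link, "->", paths)
```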