** Changed in: kdepimlibs (Ubuntu Yakkety)
Status: Invalid => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1631237
Title:
KMail: HTML injection in plain text viewer
To manage
** Changed in: kdepimlibs (Ubuntu Precise)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdepimlibs in Ubuntu.
https://bugs.launchpad.net/bugs/1631237
Title:
KMail: HTML injection in plain text
This bug was fixed in the package kdepimlibs - 4:4.13.3-0ubuntu0.3
---
kdepimlibs (4:4.13.3-0ubuntu0.3) trusty-security; urgency=high
* SECURITY UPDATE: KMail: HTML injection in plain text viewer
* References (LP: #1631237)
* CVE-2016-7966
* Avoid transforming as a url in
ACK on the debdiff in comment #1, thanks!
Package is building now and will be released later today.
** Changed in: kdepimlibs (Ubuntu Xenial)
Status: New => Invalid
** Changed in: kdepimlibs (Ubuntu Yakkety)
Status: New => Invalid
** Changed in: kdepimlibs (Ubuntu Precise)
This is a direct backport of the upstream commit and it applies cleanly.
I built the package in a clean trusty chroot and installed it on an up
to date Trusty system.
Kmail appears to be working correctly. I do not have a reproducer for
this, so I can't validate that the fix works (since it's
