I got more information on this today: On Thursday, July 12, 2012 02:51:28 PM David Faure <[email protected]> wrote: > On Saturday 07 July 2012 11:36:10 Scott Kitterman wrote: > > Would it be possible to get a sentence or two on what the vulnerability > > was > > that this fixed (the commit message isn't particularly helpful)? > > We found that javascript and external images were loaded (and interpreted > (the JS, not the images)) while rendering HTML emails in kmail. > > > Is there a CVE number? > > No. I sent the patch to [email protected], but I have no idea about the > process to get a CVE number. > > I also don't know how much damage this can really do, in any case.
Based on that, I can verify the fix works correctly for Precise (and since it's the same code, I'm sure it will for oneiric too). -- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdepim in Ubuntu. https://bugs.launchpad.net/bugs/1022690 Title: kmail/kontact message viewer incorrectly defaults to having JavaScript, Java, and Plugins enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690/+subscriptions -- kubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
