Launchpad.net

CVE 2017-9604

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.

Related bugs and status

CVE-2017-9604 (Candidate) is related to these bugs:

Bug #1698180: [CVE] Send Later with Delay bypasses OpenPGP

		In	Importance	Status
1698180	[CVE] Send Later with Delay bypasses OpenPGP	kdepim (Ubuntu)	High	Invalid
1698180	[CVE] Send Later with Delay bypasses OpenPGP	kdepim (Ubuntu Trusty)	High	Fix Released
1698180	[CVE] Send Later with Delay bypasses OpenPGP	kdepim (Ubuntu Xenial)	High	Fix Released
1698180	[CVE] Send Later with Delay bypasses OpenPGP	kf5-messagelib (Ubuntu)	High	Fix Released
1698180	[CVE] Send Later with Delay bypasses OpenPGP	kmail (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://commits.kde.or...
CONFIRM: https://commits.kde.or...