Labels Milestones

New Issue

KMail is vulnerable to EFAIL #22

Closed

opened 5 years ago by luke-jr · 6 comments

luke-jr commented 5 years ago

Collaborator

https://www.efail.de/

https://www.efail.de/

deloptes commented 5 years ago

Collaborator

Hi, I am hanging on the gnupg mailing list. I recall there was some discussion around this.
probably tdes kmail is affected, but I do not see evidence and the discussion on gnupg was also worth reading.
could you provide more specific details reagrding tdes kmail?

Hi, I am hanging on the gnupg mailing list. I recall there was some discussion around this. probably tdes kmail is affected, but I do not see evidence and the discussion on gnupg was also worth reading. could you provide more specific details reagrding tdes kmail?

SlavekB commented 5 years ago

Owner

Somewhere in my notes I have links to the corresponding patches for KDE4 KMail. So thank you @luke-jr for reminding this.

Somewhere in my notes I have links to the corresponding patches for KDE4 KMail. So thank you @luke-jr for reminding this.

Alexis commented 2 years ago

Collaborator

Just a gentle reminder of this important pending issue to be fixed as I understand it to be "open" still.
Thank you very much for your volunteer work.

Just a gentle reminder of this important pending issue to be fixed as I understand it to be "open" still. Thank you very much for your volunteer work.

SlavekB referenced this issue 2 years ago

Limit CVE-2017-17689 (EFAIL) in KMail #70

SlavekB added this to the R14.0.13 release milestone 2 years ago

SlavekB commented 2 years ago

Owner

We made a backport patches from KDE Kmail that concerned EFAIL and adapted them for our TDE KMail. This was the case to require confirmation for loading external content for encrypted messages. Do you have any other knowledge?

We made a backport patches from KDE Kmail that concerned EFAIL and adapted them for our TDE KMail. This was the case to require confirmation for loading external content for encrypted messages. Do you have any other knowledge?

MicheleC referenced this issue from TDE/tde 2 years ago

R14.0.13 release notes #83

SlavekB commented 2 years ago

Owner

If someone has any new knowledge, do not hesitate to reopen this task. For now I close it as finished.

If someone has any new knowledge, do not hesitate to reopen this task. For now I close it as finished.

👍 1

SlavekB closed this issue 2 years ago

Alexis commented 2 years ago

Collaborator

I did not investigate beyond https://efail.de/ where the topic is basically explained.

I think that incorporating the same patches with which KDE closed the bug is enough.

Thank you very much!

I did not investigate beyond https://efail.de/ where the topic is basically explained. I think that incorporating the same patches with which KDE closed the bug is enough. Thank you very much!

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

disable-actions-due-to-folder-loading

issue/119/filename-escape

r14.1.x

master

bug/94/open-html

feat/korganizer

feat/karm-busyCntr-itemReset

r14.0.x

v3.5.13-sru

r14.1.2

r14.1.1

r14.1.0

r14.0.13

r14.0.12

r14.0.11

r14.0.10

r14.0.9

r14.0.8

r14.0.7

r14.0.6

r14.0.5

r14.0.4

r14.0.3

r14.0.2

r14.0.1

r14.0.0

v3.5.13.2

v3.5.13.1

v3.5.13

Labels

Apply labels

Clear labels

GE/need-info
General - need additional info from contributor PR/keep-branch
Pull request - do not delete branch after merging PR/not-ok
Pull request - need fixing PR/rfc
Pull request - request for comments PR/update-trans
Pull request - update to translation files needed PR/wip
Pull request - work in progress RS/R14.0.x
Related to R14.0.x series RS/R14.1.x
Related to R14.1.x series SL/critical
Severity level - critical SL/major
Severity level - major SL/minor
Severity level - minor SL/normal
Severity level - normal SL/regression
Severity level - regression from previous version SL/trivial
Severity level - trivial SL/wishlist
Severity level - wishlist request ST/duplicate
Status - duplicate of another issue ST/invalid
Status - invalid report ST/notourproblem
Status - not our problem ST/rejected
Status - rejected ST/wontfix
Status - won't fix ST/worksforme
Status - works for me, unable to reproduce

No Label GE/need-info PR/keep-branch PR/not-ok PR/rfc PR/update-trans PR/wip RS/R14.0.x RS/R14.1.x SL/critical SL/major SL/minor SL/normal SL/regression SL/trivial SL/wishlist ST/duplicate ST/invalid ST/notourproblem ST/rejected ST/wontfix ST/worksforme

Milestone

Set milestone

Clear milestone

No items

No Milestone

R14.0.13 release

Assignees

Assign users

Clear assignees

No Assignees

4 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: TDE/tdepim#22

Write Preview

Loading…

Cancel

Save

There is no content yet.