[Bug 1022690] Re: kmail/kontact message viewer incorrectly defaults to having JavaScript, Java, and Plugins enabled
Scott Kitterman
ubuntu at kitterman.com
Thu Jul 12 14:53:07 UTC 2012
I got more information on this today:
On Thursday, July 12, 2012 02:51:28 PM David Faure <... at kde.org> wrote:
> On Saturday 07 July 2012 11:36:10 Scott Kitterman wrote:
> > Would it be possible to get a sentence or two on what the vulnerability was
> > that this fixed (the commit message isn't particularly helpful)?
>
> We found that JavaScript and external images were loaded (and interpreted
> (the JS, not the images)) while rendering HTML emails in kmail.
>
> > Is there a CVE number?
>
> No. I sent the patch to security at kde.org, but I have no idea about the
> process to get a CVE number.
>
> I also don't know how much damage this can really do, in any case.
Based on that, I can verify the fix works correctly for Precise (and
since it's the same code, I'm sure it will for Oneiric too).
--
https://bugs.launchpad.net/bugs/1022690
Title:
kmail/kontact message viewer incorrectly defaults to having
JavaScript, Java, and Plugins enabled