| Summary: | kdepim new security issue CVE-2014-8878 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, lewyssmith, mageia, sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/654904/ | | |
| Whiteboard: | has_procedure advisory MGA4-32-OK MGA4-64-OK | | |
| Source RPM: | kdepim4-4.12.5-1.mga4.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2015-07-17 18:15:27 CEST
David Walser
2015-07-17 18:15:43 CEST
CC: (none) => mageia

CVE-2014-8878 was fixed since kdepim 4.14.4, so mga 5 is not affected by this security issue.

Hardware: i586 => All

Luc has uploaded a patched kdepim. I don't know if it's ready for QA.

The package list appears to be:
akonadiconsole-4.12.5-1.1.mga4 akregator-4.12.5-1.1.mga4 akregator-handbook-4.12.5-1.1.mga4 blogilo-4.12.5-1.1.mga4 blogilo-handbook-4.12.5-1.1.mga4 kaddressbook-4.12.5-1.1.mga4 kaddressbook-handbook-4.12.5-1.1.mga4 kalarm-4.12.5-1.1.mga4 kalarm-handbook-4.12.5-1.1.mga4 kdepim4-4.12.5-1.1.mga4 kdepim4-core-4.12.5-1.1.mga4 kdepim4-devel-4.12.5-1.1.mga4 kdepim4-kresources-4.12.5-1.1.mga4 kincidenceeditor-4.12.5-1.1.mga4 kjots-4.12.5-1.1.mga4 kjots-handbook-4.12.5-1.1.mga4 kleopatra-4.12.5-1.1.mga4 kleopatra-handbook-4.12.5-1.1.mga4 kmail-4.12.5-1.1.mga4 kmail-handbook-4.12.5-1.1.mga4 kmailcvt-4.12.5-1.1.mga4 knode-4.12.5-1.1.mga4 knode-handbook-4.12.5-1.1.mga4 knotes-4.12.5-1.1.mga4 knotes-handbook-4.12.5-1.1.mga4 kontact-4.12.5-1.1.mga4 kontact-handbook-4.12.5-1.1.mga4 korganizer-4.12.5-1.1.mga4 korganizer-handbook-4.12.5-1.1.mga4 ksendemail-4.12.5-1.1.mga4 ktimetracker-4.12.5-1.1.mga4 ktimetracker-handbook-4.12.5-1.1.mga4 ktnef-4.12.5-1.1.mga4 ktnef-handbook-4.12.5-1.1.mga4 libakonadi-next4-4.12.5-1.1.mga4 libakregatorinterfaces4-4.12.5-1.1.mga4 libakregatorprivate4-4.12.5-1.1.mga4 libcalendarsupport4-4.12.5-1.1.mga4 libcomposereditorng4-4.12.5-1.1.mga4 libeventviews4-4.12.5-1.1.mga4 libfolderarchive4-4.12.5-1.1.mga4 libgrammar4-4.12.5-1.1.mga4 libgrantleetheme4-4.12.5-1.1.mga4 libgrantleethemeeditor4-4.12.5-1.1.mga4 libincidenceeditorsng4-4.12.5-1.1.mga4 libincidenceeditorsngmobile4-4.12.5-1.1.mga4.i5 libkaddressbookgrantlee4-4.12.5-1.1.mga4 libkaddressbookprivate4-4.12.5-1.1.mga4 libkcal_resourceblog4-4.12.5-1.1.mga4 libkcal_resourceremote4-4.12.5-1.1.mga4 libkdepim4-4.12.5-1.1.mga4 libkdepimdbusinterfaces4-4.12.5-1.1.mga4 libkdgantt20-4.12.5-1.1.mga4 libkleo4-4.12.5-1.1.mga4 libkleopatraclientcore0-4.12.5-1.1.mga4 libkleopatraclientgui0-4.12.5-1.1.mga4 libkmailprivate4-4.12.5-1.1.mga4 libkmanagesieve4-4.12.5-1.1.mga4 libknodecommon4-4.12.5-1.1.mga4 libknotesprivate4-4.12.5-1.1.mga4 libkontactprivate4-4.12.5-1.1.mga4 libkorganizer_core4-4.12.5-1.1.mga4 libkorganizer_interfaces4-4.12.5-1.1.mga4 libkorganizerprivate4-4.12.5-1.1.mga4 libkpgp4-4.12.5-1.1.mga4 libksieve4-4.12.5-1.1.mga4 libksieveui4-4.12.5-1.1.mga4 libmailcommon4-4.12.5-1.1.mga4 libmailimporter4-4.12.5-1.1.mga4 libmessagecomposer4-4.12.5-1.1.mga4 libmessagecore4-4.12.5-1.1.mga4 libmessagelist4-4.12.5-1.1.mga4 libmessageviewer4-4.12.5-1.1.mga4 libpimactivity4-4.12.5-1.1.mga4 libpimcommon4-4.12.5-1.1.mga4 libsendlater4-4.12.5-1.1.mga4 libtemplateparser4-4.12.5-1.1.mga4 messageviewer-4.12.5-1.1.mga4

from kdepim-4.12.5-1.1.mga4.src.rpm

Yep, it's ready for QA, sorry for the delay.

Suggested advisory:

This update fixes a security vulnerability in kdepim: kmail doesn't encrypt attachments when "automatic encryption" is selected (CVE-2014-8878).

References:
https://bugs.mageia.org/show_bug.cgi?id=16401
https://bugs.kde.org/show_bug.cgi?id=340312
http://www.openwall.com/lists/oss-security/2015/07/16/10

src.rpm:
kdepim4-4.12.5-1.1.mga4.src.rpm

packages for i586:
akonadiconsole-4.12.5-1.1.mga4.i586.rpm akregator-4.12.5-1.1.mga4.i586.rpm akregator-handbook-4.12.5-1.1.mga4.noarch.rpm blogilo-4.12.5-1.1.mga4.i586.rpm blogilo-handbook-4.12.5-1.1.mga4.noarch.rpm kaddressbook-4.12.5-1.1.mga4.i586.rpm kaddressbook-handbook-4.12.5-1.1.mga4.noarch.rpm kalarm-4.12.5-1.1.mga4.i586.rpm kalarm-handbook-4.12.5-1.1.mga4.noarch.rpm kdepim4-4.12.5-1.1.mga4.i586.rpm kdepim4-core-4.12.5-1.1.mga4.i586.rpm kdepim4-devel-4.12.5-1.1.mga4.i586.rpm kdepim4-kresources-4.12.5-1.1.mga4.i586.rpm kincidenceeditor-4.12.5-1.1.mga4.i586.rpm kjots-4.12.5-1.1.mga4.i586.rpm kjots-handbook-4.12.5-1.1.mga4.noarch.rpm kleopatra-4.12.5-1.1.mga4.i586.rpm kleopatra-handbook-4.12.5-1.1.mga4.noarch.rpm kmail-4.12.5-1.1.mga4.i586.rpm kmailcvt-4.12.5-1.1.mga4.i586.rpm kmail-handbook-4.12.5-1.1.mga4.noarch.rpm knode-4.12.5-1.1.mga4.i586.rpm knode-handbook-4.12.5-1.1.mga4.noarch.rpm
knotes-4.12.5-1.1.mga4.i586.rpm knotes-handbook-4.12.5-1.1.mga4.noarch.rpm kontact-4.12.5-1.1.mga4.i586.rpm kontact-handbook-4.12.5-1.1.mga4.noarch.rpm korganizer-4.12.5-1.1.mga4.i586.rpm korganizer-handbook-4.12.5-1.1.mga4.noarch.rpm ksendemail-4.12.5-1.1.mga4.i586.rpm ktimetracker-4.12.5-1.1.mga4.i586.rpm ktimetracker-handbook-4.12.5-1.1.mga4.noarch.rpm ktnef-4.12.5-1.1.mga4.i586.rpm ktnef-handbook-4.12.5-1.1.mga4.noarch.rpm libakonadi-next4-4.12.5-1.1.mga4.i586.rpm libakregatorinterfaces4-4.12.5-1.1.mga4.i586.rpm libakregatorprivate4-4.12.5-1.1.mga4.i586.rpm libcalendarsupport4-4.12.5-1.1.mga4.i586.rpm libcomposereditorng4-4.12.5-1.1.mga4.i586.rpm libeventviews4-4.12.5-1.1.mga4.i586.rpm libfolderarchive4-4.12.5-1.1.mga4.i586.rpm libgrammar4-4.12.5-1.1.mga4.i586.rpm libgrantleetheme4-4.12.5-1.1.mga4.i586.rpm libgrantleethemeeditor4-4.12.5-1.1.mga4.i586.rpm libincidenceeditorsng4-4.12.5-1.1.mga4.i586.rpm libincidenceeditorsngmobile4-4.12.5-1.1.mga4.i586.rpm libkaddressbookgrantlee4-4.12.5-1.1.mga4.i586.rpm libkaddressbookprivate4-4.12.5-1.1.mga4.i586.rpm libkcal_resourceblog4-4.12.5-1.1.mga4.i586.rpm libkcal_resourceremote4-4.12.5-1.1.mga4.i586.rpm libkdepim4-4.12.5-1.1.mga4.i586.rpm libkdepimdbusinterfaces4-4.12.5-1.1.mga4.i586.rpm libkdgantt20-4.12.5-1.1.mga4.i586.rpm libkleo4-4.12.5-1.1.mga4.i586.rpm libkleopatraclientcore0-4.12.5-1.1.mga4.i586.rpm libkleopatraclientgui0-4.12.5-1.1.mga4.i586.rpm libkmailprivate4-4.12.5-1.1.mga4.i586.rpm libkmanagesieve4-4.12.5-1.1.mga4.i586.rpm libknodecommon4-4.12.5-1.1.mga4.i586.rpm libknotesprivate4-4.12.5-1.1.mga4.i586.rpm libkontactprivate4-4.12.5-1.1.mga4.i586.rpm libkorganizer_core4-4.12.5-1.1.mga4.i586.rpm libkorganizer_interfaces4-4.12.5-1.1.mga4.i586.rpm libkorganizerprivate4-4.12.5-1.1.mga4.i586.rpm libkpgp4-4.12.5-1.1.mga4.i586.rpm libksieve4-4.12.5-1.1.mga4.i586.rpm libksieveui4-4.12.5-1.1.mga4.i586.rpm libmailcommon4-4.12.5-1.1.mga4.i586.rpm libmailimporter4-4.12.5-1.1.mga4.i586.rpm 
libmessagecomposer4-4.12.5-1.1.mga4.i586.rpm libmessagecore4-4.12.5-1.1.mga4.i586.rpm libmessagelist4-4.12.5-1.1.mga4.i586.rpm libmessageviewer4-4.12.5-1.1.mga4.i586.rpm libpimactivity4-4.12.5-1.1.mga4.i586.rpm libpimcommon4-4.12.5-1.1.mga4.i586.rpm libsendlater4-4.12.5-1.1.mga4.i586.rpm libtemplateparser4-4.12.5-1.1.mga4.i586.rpm messageviewer-4.12.5-1.1.mga4.i586.rpm pimactivity-4.12.5-1.1.mga4.i586.rpm

packages for x86_64:
akonadiconsole-4.12.5-1.1.mga4.x86_64.rpm akregator-4.12.5-1.1.mga4.x86_64.rpm akregator-handbook-4.12.5-1.1.mga4.noarch.rpm blogilo-4.12.5-1.1.mga4.x86_64.rpm blogilo-handbook-4.12.5-1.1.mga4.noarch.rpm kaddressbook-4.12.5-1.1.mga4.x86_64.rpm kaddressbook-handbook-4.12.5-1.1.mga4.noarch.rpm kalarm-4.12.5-1.1.mga4.x86_64.rpm kalarm-handbook-4.12.5-1.1.mga4.noarch.rpm kdepim4-4.12.5-1.1.mga4.x86_64.rpm kdepim4-core-4.12.5-1.1.mga4.x86_64.rpm kdepim4-devel-4.12.5-1.1.mga4.x86_64.rpm kdepim4-kresources-4.12.5-1.1.mga4.x86_64.rpm kincidenceeditor-4.12.5-1.1.mga4.x86_64.rpm kjots-4.12.5-1.1.mga4.x86_64.rpm kjots-handbook-4.12.5-1.1.mga4.noarch.rpm kleopatra-4.12.5-1.1.mga4.x86_64.rpm kleopatra-handbook-4.12.5-1.1.mga4.noarch.rpm kmail-4.12.5-1.1.mga4.x86_64.rpm kmailcvt-4.12.5-1.1.mga4.x86_64.rpm kmail-handbook-4.12.5-1.1.mga4.noarch.rpm knode-4.12.5-1.1.mga4.x86_64.rpm knode-handbook-4.12.5-1.1.mga4.noarch.rpm knotes-4.12.5-1.1.mga4.x86_64.rpm knotes-handbook-4.12.5-1.1.mga4.noarch.rpm kontact-4.12.5-1.1.mga4.x86_64.rpm kontact-handbook-4.12.5-1.1.mga4.noarch.rpm korganizer-4.12.5-1.1.mga4.x86_64.rpm korganizer-handbook-4.12.5-1.1.mga4.noarch.rpm ksendemail-4.12.5-1.1.mga4.x86_64.rpm ktimetracker-4.12.5-1.1.mga4.x86_64.rpm ktimetracker-handbook-4.12.5-1.1.mga4.noarch.rpm ktnef-4.12.5-1.1.mga4.x86_64.rpm ktnef-handbook-4.12.5-1.1.mga4.noarch.rpm lib64akonadi-next4-4.12.5-1.1.mga4.x86_64.rpm lib64akregatorinterfaces4-4.12.5-1.1.mga4.x86_64.rpm lib64akregatorprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64calendarsupport4-4.12.5-1.1.mga4.x86_64.rpm lib64composereditorng4-4.12.5-1.1.mga4.x86_64.rpm lib64eventviews4-4.12.5-1.1.mga4.x86_64.rpm lib64folderarchive4-4.12.5-1.1.mga4.x86_64.rpm lib64grammar4-4.12.5-1.1.mga4.x86_64.rpm lib64grantleetheme4-4.12.5-1.1.mga4.x86_64.rpm lib64grantleethemeeditor4-4.12.5-1.1.mga4.x86_64.rpm lib64incidenceeditorsng4-4.12.5-1.1.mga4.x86_64.rpm lib64incidenceeditorsngmobile4-4.12.5-1.1.mga4.x86_64.rpm lib64kaddressbookgrantlee4-4.12.5-1.1.mga4.x86_64.rpm lib64kaddressbookprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64kcal_resourceblog4-4.12.5-1.1.mga4.x86_64.rpm lib64kcal_resourceremote4-4.12.5-1.1.mga4.x86_64.rpm lib64kdepim4-4.12.5-1.1.mga4.x86_64.rpm lib64kdepimdbusinterfaces4-4.12.5-1.1.mga4.x86_64.rpm lib64kdgantt20-4.12.5-1.1.mga4.x86_64.rpm lib64kleo4-4.12.5-1.1.mga4.x86_64.rpm lib64kleopatraclientcore0-4.12.5-1.1.mga4.x86_64.rpm lib64kleopatraclientgui0-4.12.5-1.1.mga4.x86_64.rpm lib64kmailprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64kmanagesieve4-4.12.5-1.1.mga4.x86_64.rpm lib64knodecommon4-4.12.5-1.1.mga4.x86_64.rpm lib64knotesprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64kontactprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64korganizer_core4-4.12.5-1.1.mga4.x86_64.rpm lib64korganizer_interfaces4-4.12.5-1.1.mga4.x86_64.rpm lib64korganizerprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64kpgp4-4.12.5-1.1.mga4.x86_64.rpm lib64ksieve4-4.12.5-1.1.mga4.x86_64.rpm lib64ksieveui4-4.12.5-1.1.mga4.x86_64.rpm lib64mailcommon4-4.12.5-1.1.mga4.x86_64.rpm lib64mailimporter4-4.12.5-1.1.mga4.x86_64.rpm lib64messagecomposer4-4.12.5-1.1.mga4.x86_64.rpm lib64messagecore4-4.12.5-1.1.mga4.x86_64.rpm lib64messagelist4-4.12.5-1.1.mga4.x86_64.rpm lib64messageviewer4-4.12.5-1.1.mga4.x86_64.rpm lib64pimactivity4-4.12.5-1.1.mga4.x86_64.rpm lib64pimcommon4-4.12.5-1.1.mga4.x86_64.rpm lib64sendlater4-4.12.5-1.1.mga4.x86_64.rpm lib64templateparser4-4.12.5-1.1.mga4.x86_64.rpm messageviewer-4.12.5-1.1.mga4.x86_64.rpm pimactivity-4.12.5-1.1.mga4.x86_64.rpm

Assignee: lmenut => qa-bugs

Just to help followers, the following link from Comment 3 is really helpful:
https://bugs.kde.org/show_bug.cgi?id=340312
It describes the problem clearly, and anyone who uses KMail with encryption can test it easily. (Excludes myself).

CC: (none) => lewyssmith

David Walser
2015-07-26 16:36:33 CEST
Whiteboard: (none) => has_procedure

Dave Hodgins
2015-07-28 16:26:42 CEST
CC: (none) => davidwhodgins

MGA4-32 on AcerD620 Xfce
No installation issues.
I configured Kmail to use one of my e-mail accounts and used gpg gen-key to generate keys, and made sure these are known in Kmail - Identity settings. I also made the setting to automatically encrypt messages.
Now, in contrast to what is written in https://bugs.kde.org/show_bug.cgi?id=340312 , Kmail does not ask any question for encrypting when sending a message with an appendix.
I receive the message on a MGA5-64 PC with a freshly installed Thunderbird. At the first try I sent the public key as an appendix, the second time I did not. Thunderbird asked no questions, accepted the messages and the mails. I could open the appendices clearly.
I never used Kmail before.

CC: (none) => herman.viaene

On MGA4 x64
Just a note to say that I installed [as many as I had] the updated pkgs listed in Comment 3, and have been using KDE for Mageia 4 since. No problems noted. I would try this if I had the faintest idea about setting up & using encryption; perhaps ask Herman...

I've been using the new kmail for some time, and based on previous comments I consider both archs tested. Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0315.html

Status: NEW => RESOLVED

David Walser
2015-08-18 21:11:42 CEST
URL: (none) => http://lwn.net/Vulnerabilities/654904/
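
A check a tester could run on the raw received message to see whether any attachment travelled outside OpenPGP encryption. This is an added example, not part of the bug report or of KMail; it assumes PGP/MIME (RFC 3156) or inline ASCII armor, the function name is hypothetical, and both sample messages are constructed.

```python
import email
from email import policy

ARMOR = b"-----BEGIN PGP MESSAGE-----"

def cleartext_parts(raw):
    """List (filename, content type) of every non-empty leaf part sent outside OpenPGP encryption."""
    found = []

    def walk(part):
        if part.get_content_type() == "multipart/encrypted":
            return  # RFC 3156 container: its children are control data and ciphertext
        if part.is_multipart():
            for sub in part.get_payload():
                walk(sub)
            return
        body = part.get_payload(decode=True) or b""
        # Heuristic: a leaf carrying PGP armor counts as encrypted (inline PGP).
        if body.strip() and ARMOR not in body:
            found.append((part.get_filename(), part.get_content_type()))

    walk(email.message_from_bytes(raw, policy=policy.default))
    return found

# Constructed sample data: the armor body is a placeholder, not real ciphertext.
ENCRYPTED = (
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="enc"\n\n'
    "--enc\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--enc\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\n\nplaceholder\n-----END PGP MESSAGE-----\n\n--enc--\n"
)
HEADERS = "From: qa@example.org\nTo: qa2@example.org\nSubject: attachment test\nMIME-Version: 1.0\n"

# Whole message is one encrypted container: nothing should be reported.
SEALED = (HEADERS + ENCRYPTED).encode()

# Encrypted body next to an attachment that was left in the clear.
LEAKY = (
    HEADERS + 'Content-Type: multipart/mixed; boundary="outer"\n\n'
    "--outer\n" + ENCRYPTED + "\n--outer\n"
    'Content-Type: text/plain\nContent-Disposition: attachment; filename="notes.txt"\n\n'
    "attachment body in the clear\n--outer--\n"
).encode()

if __name__ == "__main__":
    for name, raw in (("sealed", SEALED), ("leaky", LEAKY)):
        print(name, cleartext_parts(raw))
```

Run it against the message source saved from the receiving client; an empty list means every non-empty part was inside the encrypted container or armored.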