A CVE was assigned for a security issue fixed upstream in kmail: http://www.openwall.com/lists/oss-security/2015/07/16/10 The message above contains a link to the upstream bug report and commit to fix the issue.
CC: (none) => mageia
Whiteboard: (none) => MGA4TOO
CVE-2014-8878 was fixed since kdepim 4.14.4, so mga 5 is not affected by this security issue.
Hardware: i586 => All
Version: 5 => 4
Source RPM: kdepim4-4.14.5-1.mga5.src.rpm => kdepim4-4.12.5-1.mga4.src.rpm
Whiteboard: MGA4TOO => (none)
Luc has uploaded a patched kdepim. I don't know if it's ready for QA. The package list appears to be: akonadiconsole-4.12.5-1.1.mga4 akregator-4.12.5-1.1.mga4 akregator-handbook-4.12.5-1.1.mga4 blogilo-4.12.5-1.1.mga4 blogilo-handbook-4.12.5-1.1.mga4 kaddressbook-4.12.5-1.1.mga4 kaddressbook-handbook-4.12.5-1.1.mga4 kalarm-4.12.5-1.1.mga4 kalarm-handbook-4.12.5-1.1.mga4 kdepim4-4.12.5-1.1.mga4 kdepim4-core-4.12.5-1.1.mga4 kdepim4-devel-4.12.5-1.1.mga4 kdepim4-kresources-4.12.5-1.1.mga4 kincidenceeditor-4.12.5-1.1.mga4 kjots-4.12.5-1.1.mga4 kjots-handbook-4.12.5-1.1.mga4 kleopatra-4.12.5-1.1.mga4 kleopatra-handbook-4.12.5-1.1.mga4 kmail-4.12.5-1.1.mga4 kmail-handbook-4.12.5-1.1.mga4 kmailcvt-4.12.5-1.1.mga4 knode-4.12.5-1.1.mga4 knode-handbook-4.12.5-1.1.mga4 knotes-4.12.5-1.1.mga4 knotes-handbook-4.12.5-1.1.mga4 kontact-4.12.5-1.1.mga4 kontact-handbook-4.12.5-1.1.mga4 korganizer-4.12.5-1.1.mga4 korganizer-handbook-4.12.5-1.1.mga4 ksendemail-4.12.5-1.1.mga4 ktimetracker-4.12.5-1.1.mga4 ktimetracker-handbook-4.12.5-1.1.mga4 ktnef-4.12.5-1.1.mga4 ktnef-handbook-4.12.5-1.1.mga4 libakonadi-next4-4.12.5-1.1.mga4 libakregatorinterfaces4-4.12.5-1.1.mga4 libakregatorprivate4-4.12.5-1.1.mga4 libcalendarsupport4-4.12.5-1.1.mga4 libcomposereditorng4-4.12.5-1.1.mga4 libeventviews4-4.12.5-1.1.mga4 libfolderarchive4-4.12.5-1.1.mga4 libgrammar4-4.12.5-1.1.mga4 libgrantleetheme4-4.12.5-1.1.mga4 libgrantleethemeeditor4-4.12.5-1.1.mga4 libincidenceeditorsng4-4.12.5-1.1.mga4 libincidenceeditorsngmobile4-4.12.5-1.1.mga4.i5 libkaddressbookgrantlee4-4.12.5-1.1.mga4 libkaddressbookprivate4-4.12.5-1.1.mga4 libkcal_resourceblog4-4.12.5-1.1.mga4 libkcal_resourceremote4-4.12.5-1.1.mga4 libkdepim4-4.12.5-1.1.mga4 libkdepimdbusinterfaces4-4.12.5-1.1.mga4 libkdgantt20-4.12.5-1.1.mga4 libkleo4-4.12.5-1.1.mga4 libkleopatraclientcore0-4.12.5-1.1.mga4 libkleopatraclientgui0-4.12.5-1.1.mga4 libkmailprivate4-4.12.5-1.1.mga4 libkmanagesieve4-4.12.5-1.1.mga4 libknodecommon4-4.12.5-1.1.mga4 
libknotesprivate4-4.12.5-1.1.mga4 libkontactprivate4-4.12.5-1.1.mga4 libkorganizer_core4-4.12.5-1.1.mga4 libkorganizer_interfaces4-4.12.5-1.1.mga4 libkorganizerprivate4-4.12.5-1.1.mga4 libkpgp4-4.12.5-1.1.mga4 libksieve4-4.12.5-1.1.mga4 libksieveui4-4.12.5-1.1.mga4 libmailcommon4-4.12.5-1.1.mga4 libmailimporter4-4.12.5-1.1.mga4 libmessagecomposer4-4.12.5-1.1.mga4 libmessagecore4-4.12.5-1.1.mga4 libmessagelist4-4.12.5-1.1.mga4 libmessageviewer4-4.12.5-1.1.mga4 libpimactivity4-4.12.5-1.1.mga4 libpimcommon4-4.12.5-1.1.mga4 libsendlater4-4.12.5-1.1.mga4 libtemplateparser4-4.12.5-1.1.mga4 messageviewer-4.12.5-1.1.mga4 from kdepim-4.12.5-1.1.mga4.src.rpm
Yep, it's ready for QA, sorry for the delay.

Suggested advisory:
This update fixes a security vulnerability in kdepim: kmail doesn't encrypt attachments when "automatic encryption" is selected (CVE-2014-8878).

References:
https://bugs.mageia.org/show_bug.cgi?id=16401
https://bugs.kde.org/show_bug.cgi?id=340312
http://www.openwall.com/lists/oss-security/2015/07/16/10

src.rpm: kdepim4-4.12.5-1.1.mga4.src.rpm

packages for i586: akonadiconsole-4.12.5-1.1.mga4.i586.rpm akregator-4.12.5-1.1.mga4.i586.rpm akregator-handbook-4.12.5-1.1.mga4.noarch.rpm blogilo-4.12.5-1.1.mga4.i586.rpm blogilo-handbook-4.12.5-1.1.mga4.noarch.rpm kaddressbook-4.12.5-1.1.mga4.i586.rpm kaddressbook-handbook-4.12.5-1.1.mga4.noarch.rpm kalarm-4.12.5-1.1.mga4.i586.rpm kalarm-handbook-4.12.5-1.1.mga4.noarch.rpm kdepim4-4.12.5-1.1.mga4.i586.rpm kdepim4-core-4.12.5-1.1.mga4.i586.rpm kdepim4-devel-4.12.5-1.1.mga4.i586.rpm kdepim4-kresources-4.12.5-1.1.mga4.i586.rpm kincidenceeditor-4.12.5-1.1.mga4.i586.rpm kjots-4.12.5-1.1.mga4.i586.rpm kjots-handbook-4.12.5-1.1.mga4.noarch.rpm kleopatra-4.12.5-1.1.mga4.i586.rpm kleopatra-handbook-4.12.5-1.1.mga4.noarch.rpm kmail-4.12.5-1.1.mga4.i586.rpm kmailcvt-4.12.5-1.1.mga4.i586.rpm kmail-handbook-4.12.5-1.1.mga4.noarch.rpm knode-4.12.5-1.1.mga4.i586.rpm knode-handbook-4.12.5-1.1.mga4.noarch.rpm knotes-4.12.5-1.1.mga4.i586.rpm knotes-handbook-4.12.5-1.1.mga4.noarch.rpm kontact-4.12.5-1.1.mga4.i586.rpm kontact-handbook-4.12.5-1.1.mga4.noarch.rpm korganizer-4.12.5-1.1.mga4.i586.rpm korganizer-handbook-4.12.5-1.1.mga4.noarch.rpm ksendemail-4.12.5-1.1.mga4.i586.rpm ktimetracker-4.12.5-1.1.mga4.i586.rpm ktimetracker-handbook-4.12.5-1.1.mga4.noarch.rpm ktnef-4.12.5-1.1.mga4.i586.rpm ktnef-handbook-4.12.5-1.1.mga4.noarch.rpm libakonadi-next4-4.12.5-1.1.mga4.i586.rpm libakregatorinterfaces4-4.12.5-1.1.mga4.i586.rpm libakregatorprivate4-4.12.5-1.1.mga4.i586.rpm libcalendarsupport4-4.12.5-1.1.mga4.i586.rpm libcomposereditorng4-4.12.5-1.1.mga4.i586.rpm
libeventviews4-4.12.5-1.1.mga4.i586.rpm libfolderarchive4-4.12.5-1.1.mga4.i586.rpm libgrammar4-4.12.5-1.1.mga4.i586.rpm libgrantleetheme4-4.12.5-1.1.mga4.i586.rpm libgrantleethemeeditor4-4.12.5-1.1.mga4.i586.rpm libincidenceeditorsng4-4.12.5-1.1.mga4.i586.rpm libincidenceeditorsngmobile4-4.12.5-1.1.mga4.i586.rpm libkaddressbookgrantlee4-4.12.5-1.1.mga4.i586.rpm libkaddressbookprivate4-4.12.5-1.1.mga4.i586.rpm libkcal_resourceblog4-4.12.5-1.1.mga4.i586.rpm libkcal_resourceremote4-4.12.5-1.1.mga4.i586.rpm libkdepim4-4.12.5-1.1.mga4.i586.rpm libkdepimdbusinterfaces4-4.12.5-1.1.mga4.i586.rpm libkdgantt20-4.12.5-1.1.mga4.i586.rpm libkleo4-4.12.5-1.1.mga4.i586.rpm libkleopatraclientcore0-4.12.5-1.1.mga4.i586.rpm libkleopatraclientgui0-4.12.5-1.1.mga4.i586.rpm libkmailprivate4-4.12.5-1.1.mga4.i586.rpm libkmanagesieve4-4.12.5-1.1.mga4.i586.rpm libknodecommon4-4.12.5-1.1.mga4.i586.rpm libknotesprivate4-4.12.5-1.1.mga4.i586.rpm libkontactprivate4-4.12.5-1.1.mga4.i586.rpm libkorganizer_core4-4.12.5-1.1.mga4.i586.rpm libkorganizer_interfaces4-4.12.5-1.1.mga4.i586.rpm libkorganizerprivate4-4.12.5-1.1.mga4.i586.rpm libkpgp4-4.12.5-1.1.mga4.i586.rpm libksieve4-4.12.5-1.1.mga4.i586.rpm libksieveui4-4.12.5-1.1.mga4.i586.rpm libmailcommon4-4.12.5-1.1.mga4.i586.rpm libmailimporter4-4.12.5-1.1.mga4.i586.rpm libmessagecomposer4-4.12.5-1.1.mga4.i586.rpm libmessagecore4-4.12.5-1.1.mga4.i586.rpm libmessagelist4-4.12.5-1.1.mga4.i586.rpm libmessageviewer4-4.12.5-1.1.mga4.i586.rpm libpimactivity4-4.12.5-1.1.mga4.i586.rpm libpimcommon4-4.12.5-1.1.mga4.i586.rpm libsendlater4-4.12.5-1.1.mga4.i586.rpm libtemplateparser4-4.12.5-1.1.mga4.i586.rpm messageviewer-4.12.5-1.1.mga4.i586.rpm pimactivity-4.12.5-1.1.mga4.i586.rpm packages for x86_64: akonadiconsole-4.12.5-1.1.mga4.x86_64.rpm akregator-4.12.5-1.1.mga4.x86_64.rpm akregator-handbook-4.12.5-1.1.mga4.noarch.rpm blogilo-4.12.5-1.1.mga4.x86_64.rpm blogilo-handbook-4.12.5-1.1.mga4.noarch.rpm kaddressbook-4.12.5-1.1.mga4.x86_64.rpm 
kaddressbook-handbook-4.12.5-1.1.mga4.noarch.rpm kalarm-4.12.5-1.1.mga4.x86_64.rpm kalarm-handbook-4.12.5-1.1.mga4.noarch.rpm kdepim4-4.12.5-1.1.mga4.x86_64.rpm kdepim4-core-4.12.5-1.1.mga4.x86_64.rpm kdepim4-devel-4.12.5-1.1.mga4.x86_64.rpm kdepim4-kresources-4.12.5-1.1.mga4.x86_64.rpm kincidenceeditor-4.12.5-1.1.mga4.x86_64.rpm kjots-4.12.5-1.1.mga4.x86_64.rpm kjots-handbook-4.12.5-1.1.mga4.noarch.rpm kleopatra-4.12.5-1.1.mga4.x86_64.rpm kleopatra-handbook-4.12.5-1.1.mga4.noarch.rpm kmail-4.12.5-1.1.mga4.x86_64.rpm kmailcvt-4.12.5-1.1.mga4.x86_64.rpm kmail-handbook-4.12.5-1.1.mga4.noarch.rpm knode-4.12.5-1.1.mga4.x86_64.rpm knode-handbook-4.12.5-1.1.mga4.noarch.rpm knotes-4.12.5-1.1.mga4.x86_64.rpm knotes-handbook-4.12.5-1.1.mga4.noarch.rpm kontact-4.12.5-1.1.mga4.x86_64.rpm kontact-handbook-4.12.5-1.1.mga4.noarch.rpm korganizer-4.12.5-1.1.mga4.x86_64.rpm korganizer-handbook-4.12.5-1.1.mga4.noarch.rpm ksendemail-4.12.5-1.1.mga4.x86_64.rpm ktimetracker-4.12.5-1.1.mga4.x86_64.rpm ktimetracker-handbook-4.12.5-1.1.mga4.noarch.rpm ktnef-4.12.5-1.1.mga4.x86_64.rpm ktnef-handbook-4.12.5-1.1.mga4.noarch.rpm lib64akonadi-next4-4.12.5-1.1.mga4.x86_64.rpm lib64akregatorinterfaces4-4.12.5-1.1.mga4.x86_64.rpm lib64akregatorprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64calendarsupport4-4.12.5-1.1.mga4.x86_64.rpm lib64composereditorng4-4.12.5-1.1.mga4.x86_64.rpm lib64eventviews4-4.12.5-1.1.mga4.x86_64.rpm lib64folderarchive4-4.12.5-1.1.mga4.x86_64.rpm lib64grammar4-4.12.5-1.1.mga4.x86_64.rpm lib64grantleetheme4-4.12.5-1.1.mga4.x86_64.rpm lib64grantleethemeeditor4-4.12.5-1.1.mga4.x86_64.rpm lib64incidenceeditorsng4-4.12.5-1.1.mga4.x86_64.rpm lib64incidenceeditorsngmobile4-4.12.5-1.1.mga4.x86_64.rpm lib64kaddressbookgrantlee4-4.12.5-1.1.mga4.x86_64.rpm lib64kaddressbookprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64kcal_resourceblog4-4.12.5-1.1.mga4.x86_64.rpm lib64kcal_resourceremote4-4.12.5-1.1.mga4.x86_64.rpm lib64kdepim4-4.12.5-1.1.mga4.x86_64.rpm 
lib64kdepimdbusinterfaces4-4.12.5-1.1.mga4.x86_64.rpm lib64kdgantt20-4.12.5-1.1.mga4.x86_64.rpm lib64kleo4-4.12.5-1.1.mga4.x86_64.rpm lib64kleopatraclientcore0-4.12.5-1.1.mga4.x86_64.rpm lib64kleopatraclientgui0-4.12.5-1.1.mga4.x86_64.rpm lib64kmailprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64kmanagesieve4-4.12.5-1.1.mga4.x86_64.rpm lib64knodecommon4-4.12.5-1.1.mga4.x86_64.rpm lib64knotesprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64kontactprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64korganizer_core4-4.12.5-1.1.mga4.x86_64.rpm lib64korganizer_interfaces4-4.12.5-1.1.mga4.x86_64.rpm lib64korganizerprivate4-4.12.5-1.1.mga4.x86_64.rpm lib64kpgp4-4.12.5-1.1.mga4.x86_64.rpm lib64ksieve4-4.12.5-1.1.mga4.x86_64.rpm lib64ksieveui4-4.12.5-1.1.mga4.x86_64.rpm lib64mailcommon4-4.12.5-1.1.mga4.x86_64.rpm lib64mailimporter4-4.12.5-1.1.mga4.x86_64.rpm lib64messagecomposer4-4.12.5-1.1.mga4.x86_64.rpm lib64messagecore4-4.12.5-1.1.mga4.x86_64.rpm lib64messagelist4-4.12.5-1.1.mga4.x86_64.rpm lib64messageviewer4-4.12.5-1.1.mga4.x86_64.rpm lib64pimactivity4-4.12.5-1.1.mga4.x86_64.rpm lib64pimcommon4-4.12.5-1.1.mga4.x86_64.rpm lib64sendlater4-4.12.5-1.1.mga4.x86_64.rpm lib64templateparser4-4.12.5-1.1.mga4.x86_64.rpm messageviewer-4.12.5-1.1.mga4.x86_64.rpm pimactivity-4.12.5-1.1.mga4.x86_64.rpm
Assignee: lmenut => qa-bugs
Just to help followers, the following link from Comment 3 is really helpful: https://bugs.kde.org/show_bug.cgi?id=340312 It describes the problem clearly, and anyone who uses KMail with encryption can test it easily. (Excludes myself).
CC: (none) => lewyssmith
Whiteboard: (none) => has_procedure
CC: (none) => davidwhodgins
Whiteboard: has_procedure => has_procedure advisory
MGA4-32 on AcerD620 Xfce No installation issues. I configured Kmail to use one of my e-mail accounts and used gpg gen-key to generate keys, and made sure these are known in Kmail - Identity settings. I also made the setting to automatically encrypt messages. Now, in contrast to what is written in https://bugs.kde.org/show_bug.cgi?id=340312 , Kmail does not ask any question for encrypting when sending a message with an appendix. I receive the message on a MGA5-64 PC with a freshly installed Thunderbird. At the first try I sent the public key as an appendix, the second time I did not. Thunderbird asked no questions, accepted the messages and the mails. I could open the appendices clearly. I never used Kmail before.
CC: (none) => herman.viaene
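A receiving-side check for the behaviour tested above, as an added example that is not part of the original bug thread or of the kdepim code: it parses a raw message saved from the recipient's mailbox and lists any attachment that left the sender without OpenPGP encryption. It assumes ASCII-armored ciphertext; the function name and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy

ARMOR = b"-----BEGIN PGP MESSAGE-----"

def audit_message(raw: bytes) -> dict:
    """Report whether the body is encrypted and which attachments are not."""
    msg = message_from_bytes(raw, policy=policy.default)
    # PGP/MIME (RFC 3156): body and attachments travel inside one ciphertext.
    if msg.get_content_type() == "multipart/encrypted":
        return {"body_encrypted": True, "plaintext_attachments": []}
    body_encrypted, leaked = False, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        armored = payload.lstrip().startswith(ARMOR)
        name = part.get_filename()
        if name is None:
            # Leaf part without a filename is treated as message body.
            body_encrypted = body_encrypted or armored
        elif not armored:
            # Named part whose decoded content is not armored ciphertext.
            leaked.append(name)
    return {"body_encrypted": body_encrypted, "plaintext_attachments": leaked}

# Constructed sample: armored body, attachment sent in clear (not real ciphertext).
INLINE_SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1
Content-Type: text/plain; name="report.txt"
Content-Disposition: attachment; filename="report.txt"

quarterly figures in clear text
--b1--
"""

if __name__ == "__main__":
    print(audit_message(INLINE_SAMPLE))
```

Run it on the message source as stored on the receiving side, not on what the mail client displays, since a client that holds the private key decrypts transparently.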
On MGA4 x64 Just a note to say that I installed [as many as I had] the updated pkgs listed in Comment 3, and have been using KDE for Mageia 4 since. No problems noted. I would try this if I had the faintest idea about setting up & using encryption; perhaps ask Herman...
I've been using the new kmail for some time, and based on previous comments I consider both archs tested. Validating.
Keywords: (none) => validated_update
Whiteboard: has_procedure advisory => has_procedure advisory MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0315.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/654904/