MGASA-2018-0476

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0476.html

Import Source

https://advisories.mageia.org/MGASA-2018-0476.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2018-0476

Related

CVE-2018-19516

Published

2018-12-03T22:13:03Z

Modified

2018-12-03T21:49:17Z

Summary

Updated messagelib packages fix security vulnerability

Details

Some HTML emails can trick messagelib into opening a new browser window when displaying said email as HTML. This happens even if the option to allow the HTML emails to access remote servers is disabled in KMail settings. This means that the owners of the servers referred in the email can see in their access logs your IP address (CVE-2018-19516).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / messagelib

Package

Name: messagelib
Purl: pkg:rpm/mageia/messagelib?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.12.2-1.1.mga6

Ecosystem specific

{
    "section": "core"
}