USN-7732-1

It was discovered that KMail Account Wizard used HTTP rather than HTTPS when retrieving certain email server configurations. An attacker could possibly use this issue to cause email clients to use an attacker-controlled email server.

References

Affected packages

Ubuntu:Pro:18.04:LTS / kmail-account-wizard

Package

Name: kmail-account-wizard
Purl: pkg:deb/ubuntu/kmail-account-wizard@4:17.12.3-0ubuntu1+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:17.12.3-0ubuntu1+esm1

Affected versions

4:17.*

4:17.04.3-0ubuntu1

4:17.08.3-0ubuntu1

4:17.12.2-0ubuntu1

4:17.12.3-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "accountwizard",
            "binary_version": "4:17.12.3-0ubuntu1+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Ubuntu:Pro:20.04:LTS / kmail-account-wizard

Package

Name: kmail-account-wizard
Purl: pkg:deb/ubuntu/kmail-account-wizard@4:19.12.3-0ubuntu1+esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:19.12.3-0ubuntu1+esm1

Affected versions

4:19.*

4:19.04.3-0ubuntu1

4:19.04.3-0ubuntu2

4:19.12.3-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "accountwizard",
            "binary_version": "4:19.12.3-0ubuntu1+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Ubuntu:Pro:22.04:LTS / kmail-account-wizard

Package

Name: kmail-account-wizard
Purl: pkg:deb/ubuntu/kmail-account-wizard@4:21.12.3-0ubuntu1+esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:21.12.3-0ubuntu1+esm1

Affected versions

4:21.*

4:21.08.1-0ubuntu1

4:21.08.3-0ubuntu1

4:21.11.80-0ubuntu1

4:21.11.90-0ubuntu1

4:21.12.0-0ubuntu1

4:21.12.1-0ubuntu1

4:21.12.2-0ubuntu1

4:21.12.3-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "accountwizard",
            "binary_version": "4:21.12.3-0ubuntu1+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Ubuntu:Pro:24.04:LTS / kmail-account-wizard

Package

Name: kmail-account-wizard
Purl: pkg:deb/ubuntu/kmail-account-wizard@4:23.08.5-0ubuntu3+esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:23.08.5-0ubuntu3+esm1

Affected versions

4:23.*

4:23.08.1-0ubuntu1

4:23.08.2-0ubuntu1

4:23.08.3-0ubuntu1

4:23.08.4-0ubuntu1

4:23.08.5-0ubuntu1

4:23.08.5-0ubuntu2

4:23.08.5-0ubuntu3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "accountwizard",
            "binary_version": "4:23.08.5-0ubuntu3+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}