advisories/23923.adv

type: security
subject: Updated messagelib packages fix security vulnerability
CVE:
 - CVE-2018-19516
src:
  6:
   core:
     - messagelib-17.12.2-1.1.mga6
description: |
  Some HTML emails can trick messagelib into opening a new browser window
  when displaying said email as HTML. This happens even if the option to
  allow the HTML emails to access remote servers is disabled in KMail
  settings. This means that the owners of the servers referred in the
  email can see in their access logs your IP address (CVE-2018-19516).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23923
 - https://www.kde.org/info/security/advisory-20181128-1.txt
ID: MGASA-2018-0476
1	type: security
2	subject: Updated messagelib packages fix security vulnerability
3	CVE:
4	- CVE-2018-19516
5	src:
6	6:
7	core:
8	- messagelib-17.12.2-1.1.mga6
9	description: \|
10	Some HTML emails can trick messagelib into opening a new browser window
11	when displaying said email as HTML. This happens even if the option to
12	allow the HTML emails to access remote servers is disabled in KMail
13	settings. This means that the owners of the servers referred in the
14	email can see in their access logs your IP address (CVE-2018-19516).
15	references:
16	- https://bugs.mageia.org/show_bug.cgi?id=23923
17	- https://www.kde.org/info/security/advisory-20181128-1.txt
18	ID: MGASA-2018-0476