1 |
type: security |
2 |
subject: Updated messagelib packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2018-19516 |
5 |
src: |
6 |
6: |
7 |
core: |
8 |
- messagelib-17.12.2-1.1.mga6 |
9 |
description: | |
10 |
Some HTML emails can trick messagelib into opening a new browser window |
11 |
when displaying said email as HTML. This happens even if the option to |
12 |
allow the HTML emails to access remote servers is disabled in KMail |
13 |
settings. This means that the owners of the servers referred in the |
14 |
email can see in their access logs your IP address (CVE-2018-19516). |
15 |
references: |
16 |
- https://bugs.mageia.org/show_bug.cgi?id=23923 |
17 |
- https://www.kde.org/info/security/advisory-20181128-1.txt |
18 |
ID: MGASA-2018-0476 |