[kmail2] [Bug 326063] New: [Security?] KMail invoked from KToolInvocation with an encrypted text will decrypt the text
Rolf Eike Beer
kde at opensource.sf-tec.de
Tue Oct 15 19:07:28 BST 2013
https://bugs.kde.org/show_bug.cgi?id=326063
Bug ID: 326063
Summary: [Security?] KMail invoked from KToolInvocation with an
encrypted text will decrypt the text
Classification: Unclassified
Product: kmail2
Version: 4.11.2
Platform: openSUSE RPMs
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: composer
Assignee: kdepim-bugs at kde.org
Reporter: kde at opensource.sf-tec.de
The invocation is like this:
KToolInvocation::invokeMailer(email, QString(), QString(), subject, text);
text is in this case is a PGP encrypted message, (also) encrypted to my own
private key. When the KMail window shows up the _decrypted_ text is show, i.e.
KMail will itself decrypt the text. If the message is only encrypted to someone
else the message is kept as KMail can't decrypt it.
If the text is expected to be sent encrypted and the user isn't very careful
the text may accidentially be sent unencrypted.
Reproducible: Always
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list