[kmail2] [Bug 404698] Decryption Oracle based on replying to PGP or S/MIME encrypted emails

Sandro Knauß bugzilla_noreply at kde.org
Fri Jun 28 16:38:27 BST 2019


--- Comment #24 from Sandro Knauß <sknauss at kde.org> ---
(In reply to beuc from comment #23)
> I wrote something cruder but that works with the 404698-* messagelib test
> cases:
> https://www.beuc.net/tmp/kdepim-CVE-2019-10732.patch
> This should be a good compromise, let me know if I missed something.
> I plan to upload an update shortly, probably next week :)

The code looks like it should be enough. But the surrounding code has changed a
lot between 4.14.1 and had less tests etc. It may be that there are other
things to fix.

You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list