[kmail2] [Bug 404698] Decryption Oracle based on replying to PGP or S/MIME encrypted emails

Sandro Knauß bugzilla_noreply at kde.org
Sun May 12 23:10:25 BST 2019


--- Comment #18 from Sandro Knauß <sknauss at kde.org> ---
Created attachment 120026
  --> https://bugs.kde.org/attachment.cgi?id=120026&action=edit
html mail with two images embeded.

There is one question, how we should handle forwards with embedded images.
We have a testcase with two images embedded (see attachment), that are added to
the forwarded message. IMO this is not a security issue, as we do not parse
those two images (aka do not encrypt them) and just copy them like they were
sent over the wire. So we can't leak private information.

You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list