[SECURITY] [DLA 673-1] kdepimlibs security update

2016-10-2215:20:42

lists.debian.org

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.5%

JSON

Package : kdepimlibs
Version : 4:4.8.4-2+deb7u1
CVE ID : CVE-2016-7966
Debian Bug : 840546

Roland Tapken discovered that insufficient input sanitizing in KMail's
plain text viewer allowed attackers the injection of HTML code. This
might open the way to the exploitation of other vulnerabilities in the
HTML viewer code, which is disabled by default.

For Debian 7 "Wheezy", these problems have been fixed in version
4:4.8.4-2+deb7u1.

We recommend that you upgrade your kdepimlibs packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8ppc64ellibkmime4< 4:4.14.2-2+deb8u2libkmime4_4:4.14.2-2+deb8u2_ppc64el.deb
Debian8kfreebsd-i386libkabc4< 4:4.14.2-2+deb8u2libkabc4_4:4.14.2-2+deb8u2_kfreebsd-i386.deb
Debian8s390xlibkmime4< 4:4.14.2-2+deb8u2libkmime4_4:4.14.2-2+deb8u2_s390x.deb
Debian7armellibkimap4< 4:4.8.4-2+deb7u1libkimap4_4:4.8.4-2+deb7u1_armel.deb
Debian8kfreebsd-amd64libqgpgme1< 4:4.14.2-2+deb8u2libqgpgme1_4:4.14.2-2+deb8u2_kfreebsd-amd64.deb
Debian8kfreebsd-amd64libakonadi-kmime4< 4:4.14.2-2+deb8u2libakonadi-kmime4_4:4.14.2-2+deb8u2_kfreebsd-amd64.deb
Debian8arm64libkmbox4< 4:4.14.2-2+deb8u2libkmbox4_4:4.14.2-2+deb8u2_arm64.deb
Debian7i386libktnef4< 4:4.8.4-2+deb7u1libktnef4_4:4.8.4-2+deb7u1_i386.deb
Debian7armhflibakonadi-kde4< 4:4.8.4-2+deb7u1libakonadi-kde4_4:4.8.4-2+deb7u1_armhf.deb
Debian8armhflibakonadi-notes4< 4:4.14.2-2+deb8u2libakonadi-notes4_4:4.14.2-2+deb8u2_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	ppc64el	libkmime4	< 4:4.14.2-2+deb8u2	libkmime4_4:4.14.2-2+deb8u2_ppc64el.deb
Debian	8	kfreebsd-i386	libkabc4	< 4:4.14.2-2+deb8u2	libkabc4_4:4.14.2-2+deb8u2_kfreebsd-i386.deb
Debian	8	s390x	libkmime4	< 4:4.14.2-2+deb8u2	libkmime4_4:4.14.2-2+deb8u2_s390x.deb
Debian	7	armel	libkimap4	< 4:4.8.4-2+deb7u1	libkimap4_4:4.8.4-2+deb7u1_armel.deb
Debian	8	kfreebsd-amd64	libqgpgme1	< 4:4.14.2-2+deb8u2	libqgpgme1_4:4.14.2-2+deb8u2_kfreebsd-amd64.deb
Debian	8	kfreebsd-amd64	libakonadi-kmime4	< 4:4.14.2-2+deb8u2	libakonadi-kmime4_4:4.14.2-2+deb8u2_kfreebsd-amd64.deb
Debian	8	arm64	libkmbox4	< 4:4.14.2-2+deb8u2	libkmbox4_4:4.14.2-2+deb8u2_arm64.deb
Debian	7	i386	libktnef4	< 4:4.8.4-2+deb7u1	libktnef4_4:4.8.4-2+deb7u1_i386.deb
Debian	7	armhf	libakonadi-kde4	< 4:4.8.4-2+deb7u1	libakonadi-kde4_4:4.8.4-2+deb7u1_armhf.deb
Debian	8	armhf	libakonadi-notes4	< 4:4.14.2-2+deb8u2	libakonadi-notes4_4:4.14.2-2+deb8u2_armhf.deb