CVE-2014-8878

NameCVE-2014-8878
DescriptionKDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs791800

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kdepim (PTS)jessie, jessie (lts)4:4.14.1-1+deb8u2vulnerable
stretch4:16.04.3-4~deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kdepimsourcesqueeze(not affected)
kdepimsource(unstable)4:4.14.5-1791800

Notes

[jessie] - kdepim <no-dsa> (Minor issue)
[wheezy] - kdepim <no-dsa> (Minor issue)
[squeeze] - kdepim <not-affected> (Bogus condition not present)
https://bugs.kde.org/show_bug.cgi?id=340312
https://www.openwall.com/lists/oss-security/2015/07/15/5

Search for package or bug name: Reporting problems