{"id":"MGASA-2018-0476","summary":"Updated messagelib packages fix security vulnerability","details":"Some HTML emails can trick messagelib into opening a new browser window\nwhen displaying said email as HTML. This happens even if the option to\nallow the HTML emails to access remote servers is disabled in KMail\nsettings. This means that the owners of the servers referred in the\nemail can see in their access logs your IP address (CVE-2018-19516).\n","modified":"2026-04-16T06:22:25.060332731Z","published":"2018-12-03T22:13:03Z","upstream":["CVE-2018-19516"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0476.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23923"},{"type":"ADVISORY","url":"https://www.kde.org/info/security/advisory-20181128-1.txt"}],"affected":[{"package":{"name":"messagelib","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/messagelib?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"17.12.2-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0476.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}