{"id":"MGASA-2021-0208","summary":"Updated messagelib packages fix security vulnerability","details":"Deleting an attachment of a decrypted encrypted message stored on a remote\nserver (e.g. an IMAP server) causes KMail to upload the decrypted content of\nthe message to the remote server. This is not easily noticeable by the user\nbecause KMail does not display the decrypted content.\n\nWith a specially crafted message a user could be tricked into decrypting an\nencrypted message and then deleting an attachment attached to this message.\nIf the attacker has access to the messages stored on the email server, then\nthe attacker could read the decrypted content of the encrypted message\n(CVE-2021-31855).\n","modified":"2026-02-04T04:31:56.898207Z","published":"2021-05-07T05:35:41Z","related":["CVE-2021-31855"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0208.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28861"},{"type":"REPORT","url":"https://kde.org/info/security/advisory-20210429-1.txt"}],"affected":[{"package":{"name":"messagelib","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/messagelib?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"19.04.0-1.2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0208.json"}},{"package":{"name":"messagelib","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/messagelib?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20.12.0-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0208.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}