{"id":"USN-7729-1","summary":"kdepim vulnerabilities","details":"Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising,\nSebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg\nSchwenk discovered that the KMail application of KDE PIM could be made\nto leak the plaintext of S/MIME encrypted emails when retrieving\nexternal content in emails. Under certain configurations, if a user were\ntricked into opening a specially crafted email, an attacker could\npossibly use this issue to obtain the plaintext of an encrypted email.\nThis update mitigates the issue by preventing KMail from automatically\nloading external content. (CVE-2017-17689)\n\nJens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel,\nand Jörg Schwenk discovered that the KMail application of KDE PIM could\nbe made to leak the plaintext of S/MIME or PGP encrypted emails. If a\nuser were tricked into replying to a specially crafted email, an\nattacker could possibly use this issue to obtain the plaintext of an\nencrypted email. (CVE-2019-10732)\n\nIt was discovered that the KMail application of KDE PIM could be made to\nattach files to an email without the user's knowledge. If a user\nwere tricked into sending an email created by a specially crafted\n\"mailto\" link, an attacker could possibly use this issue to obtain\nsensitive files. This update mitigates the issue by displaying a\nwarning to the user when files are attached in this way.\n(CVE-2020-11880)\n\nIt was discovered that the Account Wizard application of KDE PIM used\nHTTP rather than HTTPS when retrieving certain email server\nconfigurations. An attacker could possibly use this issue to cause email\nclients to use an attacker-controlled email server. This issue only\naffected Ubuntu 16.04 LTS. (CVE-2024-50624)","modified":"2026-02-10T04:49:48Z","published":"2025-09-02T16:41:27Z","related":["UBUNTU-CVE-2017-17689","UBUNTU-CVE-2019-10732","UBUNTU-CVE-2020-11880","UBUNTU-CVE-2024-50624"],"upstream":["CVE-2017-17689","CVE-2019-10732","CVE-2020-11880","CVE-2024-50624","UBUNTU-CVE-2017-17689","UBUNTU-CVE-2019-10732","UBUNTU-CVE-2020-11880","UBUNTU-CVE-2024-50624"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7729-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-17689"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-10732"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-11880"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-50624"}],"affected":[{"package":{"name":"kdepim","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/kdepim@4:4.13.3-0ubuntu0.2+esm1?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:4.13.3-0ubuntu0.2+esm1"}]}],"versions":["4:4.11.2-0ubuntu1","4:4.11.2-0ubuntu2","4:4.11.80-0ubuntu1","4:4.11.95-0ubuntu1","4:4.11.97-0ubuntu1","4:4.12.0-0ubuntu1","4:4.12.1-0ubuntu1","4:4.12.2-0ubuntu1","4:4.12.3-0ubuntu1","4:4.12.90-0ubuntu1","4:4.12.90-0ubuntu2","4:4.12.95-0ubuntu1","4:4.12.97-0ubuntu1","4:4.13.0-0ubuntu1","4:4.13.1-0ubuntu0.1","4:4.13.2-0ubuntu0.1","4:4.13.3-0ubuntu0.1","4:4.13.3-0ubuntu0.2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro","binaries":[{"binary_name":"akonadiconsole","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"akregator","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"blogilo","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kaddressbook","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kaddressbook-mobile","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kalarm","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kde-config-pimactivity","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kdepim","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kdepim-dev","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kdepim-kresources","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kdepim-mobile","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kdepim-mobileui-data","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kdepim-themeeditors","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kjots","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kleopatra","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kmail","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kmail-mobile","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"knode","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"knotes","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"konsolekalendar","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"kontact","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"korganizer","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"korganizer-mobile","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"ktimetracker","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"ktnef","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libcalendarsupport4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libcomposereditorng4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libeventviews4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libgrammar4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libincidenceeditorsng4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libkdepim4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libkdepimdbusinterfaces4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libkdepimmobileui4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libkdgantt2-0","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libkleo4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libkmanagesieve4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libkpgp4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libksieve4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libksieveui4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libmailcommon4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libmailimporter4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libmessagecomposer4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libmessagecore4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libmessagelist4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libmessageviewer4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libnoteshared4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libpimactivity4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libpimcommon4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libsendlater4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"libtemplateparser4","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"notes-mobile","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"storageservicemanager","binary_version":"4:4.13.3-0ubuntu0.2+esm1"},{"binary_name":"tasks-mobile","binary_version":"4:4.13.3-0ubuntu0.2+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7729-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-17689"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-10732"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-11880"}]}}},{"package":{"name":"kdepim","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/kdepim@4:15.12.3-0ubuntu1.1+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:15.12.3-0ubuntu1.1+esm1"}]}],"versions":["4:15.08.2-0ubuntu1","4:15.12.1-1ubuntu6","4:15.12.3-0ubuntu1","4:15.12.3-0ubuntu1.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"accountwizard","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"akonadiconsole","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"akregator","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"blogilo","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"kaddressbook","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"kalarm","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"kdepim","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"kdepim-themeeditors","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"kleopatra","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"kmail","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"knotes","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"konsolekalendar","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"kontact","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"korganizer","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"ktnef","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5calendarsupport5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5composereditorng5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5eventviews5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5followupreminder5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5gravatar5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5incidenceeditorsng5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5kdepimdbusinterfaces5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5kdgantt2-5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5kmanagesieve5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5ksieve5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5ksieveui5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5libkdepim5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5libkleo5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5mailcommon5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5mailimporter5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5messagecomposer5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5messagecore5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5messagelist5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5messageviewer5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5noteshared5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5pimcommon5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5sendlater5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"libkf5templateparser5","binary_version":"4:15.12.3-0ubuntu1.1+esm1"},{"binary_name":"storageservicemanager","binary_version":"4:15.12.3-0ubuntu1.1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7729-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-17689"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-10732"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-11880"},{"severity":[{"score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-50624"}]}}}],"schema_version":"1.7.3"}