{"id":"USN-7730-1","summary":"kf5-messagelib vulnerabilities","details":"Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising,\nSebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg\nSchwenk discovered that PIM Messagelib could be made to leak the plaintext\nof S/MIME encrypted emails when retrieving external content in emails.\nUnder certain configurations, if a user were tricked into opening a\nspecially crafted email using an application linked against PIM Messagelib,\nan attacker could possibly use this issue to obtain the plaintext of an\nencrypted email. This update mitigates the issue by preventing automatic\nloading of external content. (CVE-2017-17689)\n\nJens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel,\nand Jörg Schwenk discovered that PIM Messagelib could be made to leak the\nplaintext of S/MIME or PGP encrypted emails. If a user were tricked into\nreplying to a specially crafted email using an application linked\nagainst PIM Messagelib, an attacker could possibly use this issue to obtain\nthe plaintext of an encrypted email. (CVE-2019-10732)","modified":"2026-02-10T04:49:48Z","published":"2025-09-02T18:37:04Z","related":["UBUNTU-CVE-2017-17689","UBUNTU-CVE-2019-10732"],"upstream":["CVE-2017-17689","CVE-2019-10732","UBUNTU-CVE-2017-17689","UBUNTU-CVE-2019-10732"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7730-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-17689"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-10732"}],"affected":[{"package":{"name":"kf5-messagelib","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/kf5-messagelib@4:17.12.3-0ubuntu3+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:17.12.3-0ubuntu3+esm1"}]}],"versions":["4:17.04.3-0ubuntu1","4:17.04.3-0ubuntu2","4:17.08.3-0ubuntu1","4:17.08.3-0ubuntu2","4:17.12.2-0ubuntu3","4:17.12.3-0ubuntu2","4:17.12.3-0ubuntu3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"kf5-messagelib-data","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5messagecomposer-dev","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5messagecomposer5abi2","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5messagecore-dev","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5messagecore5abi2","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5messagelist-dev","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5messagelist5abi1","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5messageviewer-dev","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5messageviewer-plugins","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5messageviewer5abi4","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5mimetreeparser-dev","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5mimetreeparser5abi2","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5templateparser-dev","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5templateparser5abi2","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5webengineviewer-dev","binary_version":"4:17.12.3-0ubuntu3+esm1"},{"binary_name":"libkf5webengineviewer5abi3","binary_version":"4:17.12.3-0ubuntu3+esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2017-17689","severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-10732","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7730-1.json"}}],"schema_version":"1.7.3"}