Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-673-1 kdepimlibs

Debian Security Advisory

DLA-673-1 kdepimlibs -- LTS security update

Date Reported:

22 Oct 2016

Affected Packages:

kdepimlibs

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 840546.
In Mitre's CVE dictionary: CVE-2016-7966.

More information:

Roland Tapken discovered that insufficient input sanitizing in KMail's plain text viewer allowed attackers the injection of HTML code. This might open the way to the exploitation of other vulnerabilities in the HTML viewer code, which is disabled by default.

For Debian 7 Wheezy, these problems have been fixed in version 4:4.8.4-2+deb7u1.

We recommend that you upgrade your kdepimlibs packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS