Debian Security Advisory
DLA-673-1 kdepimlibs -- LTS security update
- Date Reported:
- 22 Oct 2016
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 840546.
In Mitre's CVE dictionary: CVE-2016-7966.
- More information:
Roland Tapken discovered that insufficient input sanitizing in KMail's plain text viewer allowed attackers the injection of HTML code. This might open the way to the exploitation of other vulnerabilities in the HTML viewer code, which is disabled by default.
For Debian 7
Wheezy, these problems have been fixed in version 4:4.8.4-2+deb7u1.
We recommend that you upgrade your kdepimlibs packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS