Debian Security Advisory

DLA-2300-1 kdepim-runtime -- LTS security update

Date Reported:
30 Jul 2020
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2020-15954.
More information:

It was discovered that there was an issue where kdepim-runtime would default to using unencrypted POP3 communication despite the UI indicating that encryption was in use.

  • CVE-2020-15954

    KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.

For Debian 9 Stretch, these problems have been fixed in version 4:16.04.2-2+deb9u1.

We recommend that you upgrade your kdepim-runtime packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: