Debian Security Advisory
DLA-2300-1 kdepim-runtime -- LTS security update
- Date Reported:
- 30 Jul 2020
- Affected Packages:
- kdepim-runtime
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-15954.
- More information:
-
It was discovered that there was an issue where kdepim-runtime would default to using unencrypted POP3 communication despite the UI indicating that encryption was in use.
- CVE-2020-15954
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
For Debian 9
Stretch
, these problems have been fixed in version 4:16.04.2-2+deb9u1.We recommend that you upgrade your kdepim-runtime packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
- CVE-2020-15954