Upstream information

CVE-2017-9604 at MITRE

Description

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.

SUSE information

SUSE Bugzilla entry: 1044210 [IN_PROGRESS]

No SUSE Security Announcements cross referenced.