PublicDateAtUSN: 2012-07-19
Candidate: CVE-2012-3413
PublicDate: 2012-08-07 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3413
 https://ubuntu.com/security/notices/USN-1512-1
Description:
 The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.
Ubuntu-Description:
Notes:
 mdeslaur> caused by webkit migration, doesn't affect natty and lower
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_kdepim:
 upstream: http://commits.kde.org/kdepim/dbb2f72f4745e00f53031965a9c10b2d6862bd54
upstream_kdepim: needs-triage
hardy_kdepim: ignored (reached end-of-life)
lucid_kdepim: not-affected
natty_kdepim: not-affected
oneiric_kdepim: released (4:4.7.4+git111222-0ubuntu0.3)
precise_kdepim: released (4:4.8.4a-0ubuntu0.3)
devel_kdepim: released (4:4.8.90-0ubuntu2)