CVE-2019-10735

Priority
Description
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted
emails can wrap them as sub-parts within a crafted multipart email. The
encrypted part(s) can further be hidden using HTML/CSS or ASCII newline
characters. This modified multipart email can be re-sent by the attacker to
the intended receiver. If the receiver replies to this (benign looking)
email, they unknowingly leak the plaintext of the encrypted message part(s)
back to the attacker.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
More Information

Updated: 2020-09-09 22:37:19 UTC (commit b67d7d8b03f173f825cd706df5bd078bca500b0e)