Debian Security Advisory
DLA-2300-1 kdepim-runtime -- LTS security update
- Date Reported:
- 30 Jul 2020
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-15954.
- More information:
It was discovered that there was an issue where kdepim-runtime would default to using unencrypted POP3 communication despite the UI indicating that encryption was in use.
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
For Debian 9
Stretch, these problems have been fixed in version 4:16.04.2-2+deb9u1.
We recommend that you upgrade your kdepim-runtime packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS