Home Original page

AVG-2274 - kmail - Arch Linux

AVG-2274 log

Package kmail
Status Vulnerable
Severity Medium
Type information disclosure
Affected 21.04.3-1
Fixed Unknown
Current 21.08.0-1 [testing]
21.04.3-1 [extra]
Ticket Create
Created Tue Aug 10 16:26:37 2021
Issue Severity Remote Type Description
CVE-2021-38373 Medium Yes Information disclosure 
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.