kmail/kontact message viewer incorrectly defaults to having JavaScript, Java, and Plugins enabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kdepim (Ubuntu) |
Fix Released
|
High
|
Scott Kitterman | ||
Oneiric |
Fix Released
|
High
|
Marc Deslauriers | ||
Precise |
Fix Released
|
High
|
Marc Deslauriers | ||
Quantal |
Fix Released
|
High
|
Scott Kitterman |
Bug Description
Upstream has somewhat cryptically suggested applying the upstream patch in http://
It appears to apply to kdepim 4.7 (oneiric), 4.8 (precise), and to be 4.9 (quantal).
diff --git a/messageviewer
b/messageviewer
index b54e989..67c3062 100644
--- a/messageviewer
+++ b/messageviewer
@@ -40,6 +40,10 @@ QString HTMLQuoteColore
&htmlSource )
#ifndef KDEPIM_NO_WEBKIT
// Create a DOM Document from the HTML source
QWebPage page(0);
+ page.settings(
+ page.settings(
+ page.settings(
+
QWebFrame *frame = page.mainFrame();
frame->setHtml( htmlSource );
security vulnerability: | no → yes |
Changed in kdepim (Ubuntu Quantal): | |
assignee: | nobody → Scott Kitterman (kitterman) |
importance: | Undecided → High |
status: | New → In Progress |
Changed in kdepim (Ubuntu Precise): | |
assignee: | nobody → Scott Kitterman (kitterman) |
importance: | Undecided → High |
status: | New → In Progress |
milestone: | none → ubuntu-12.04.1 |
Changed in kdepim (Ubuntu Quantal): | |
milestone: | none → quantal-alpha-3 |
Changed in kdepim (Ubuntu Oneiric): | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Scott Kitterman (kitterman) |
milestone: | none → oneiric-updates |
Changed in kdepim (Ubuntu Oneiric): | |
status: | Confirmed → Triaged |
Changed in kdepim (Ubuntu Precise): | |
status: | Confirmed → Triaged |
Changed in kdepim (Ubuntu Oneiric): | |
assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
Changed in kdepim (Ubuntu Precise): | |
assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
Changed in kdepim (Ubuntu Oneiric): | |
assignee: | Ubuntu Security Team (ubuntu-security) → Marc Deslauriers (mdeslaur) |
Changed in kdepim (Ubuntu Precise): | |
assignee: | Ubuntu Security Team (ubuntu-security) → Marc Deslauriers (mdeslaur) |
This bug was fixed in the package kdepim - 4:4.8.90-0ubuntu2
---------------
kdepim (4:4.8.90-0ubuntu2) quantal; urgency=low
* Fix for upstream security issue, will be in the RC (LP: #1022690)
-- Scott Kitterman <email address hidden> Mon, 09 Jul 2012 15:31:47 -0400