KMail 1.9.5 and earlier does not properly use the –status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| K-mail | Kde | 0.0.29.2 (including) | 0.0.29.2 (including) |
| K-mail | Kde | 1.0.23 (including) | 1.0.23 (including) |
| K-mail | Kde | 1.0.24 (including) | 1.0.24 (including) |
| K-mail | Kde | 1.0.25 (including) | 1.0.25 (including) |
| K-mail | Kde | 1.0.26 (including) | 1.0.26 (including) |
| K-mail | Kde | 1.0.27 (including) | 1.0.27 (including) |
| K-mail | Kde | 1.0.28 (including) | 1.0.28 (including) |
| K-mail | Kde | 1.0.29 (including) | 1.0.29 (including) |
| K-mail | Kde | 1.0.29.1 (including) | 1.0.29.1 (including) |
| K-mail | Kde | 1.0.29.2 (including) | 1.0.29.2 (including) |
| K-mail | Kde | 1.1 (including) | 1.1 (including) |
| K-mail | Kde | 1.2 (including) | 1.2 (including) |
| K-mail | Kde | 1.3.1 (including) | 1.3.1 (including) |
| K-mail | Kde | 1.7.1 (including) | 1.7.1 (including) |
| K-mail | Kde | 1.9.1 (including) | 1.9.1 (including) |
| K-mail | Kde | 1.86.2.36 (including) | 1.86.2.36 (including) |
| K-mail | Kde | 1.87 (including) | 1.87 (including) |
| K-mail | Kde | 1.88 (including) | 1.88 (including) |
| K-mail | Kde | 1.89 (including) | 1.89 (including) |
| K-mail | Kde | 1.90 (including) | 1.90 (including) |
| K-mail | Kde | 1.92 (including) | 1.92 (including) |
| K-mail | Kde | 1.93 (including) | 1.93 (including) |
| K-mail | Kde | 1.94 (including) | 1.94 (including) |
| K-mail | Kde | 1.95 (including) | 1.95 (including) |
| K-mail | Kde | 1.101 (including) | 1.101 (including) |
| K-mail | Kde | 1.102 (including) | 1.102 (including) |