Commit 3b5b171e authored by Ingo Klöcker's avatar Ingo Klöcker Committed by Albert Astals Cid
Browse files

Fix CVE-2021-31855

Deleting an attachment of a decrypted encrypted message stored on a remote server
(e.g. an IMAP server) causes KMail to upload the decrypted content of the message
to the remote server. This is not easily noticeable by the user because KMail does
not display the decrypted content.
parent 99b50c22
Pipeline #61846 skipped
......@@ -396,7 +396,7 @@ bool ViewerPrivate::deleteAttachment(KMime::Content *node, bool showWarning)
KMime::Message *modifiedMessage = mNodeHelper->messageWithExtraContent(mMessage.data());
mMimePartTree->mimePartModel()->setRoot(modifiedMessage);
mMessageItem.setPayloadFromData(modifiedMessage->encodedContent());
mMessageItem.setPayloadFromData(mMessage->encodedContent());
auto job = new Akonadi::ItemModifyJob(mMessageItem, mSession);
job->disableRevisionCheck();
connect(job, &KJob::result, this, &ViewerPrivate::itemModifiedResult);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment