Jensvoid

Researcher from Ruhr-Uni Bochum and FH Münster, Germany
#30460 of 53,622
8.6 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2019-12017
4.3
2019-04-07
Roundcube · Roundcube Webmail · CVE-2019-10740
**Name of the Vulnerable Software and Affected Versions**
Roundcube Webmail versions prior to 1.3.10

**Description**
The issue allows an attacker with S/MIME or PGP encrypted emails to craft a multipart email, hiding the encrypted parts using HTML/CSS or ASCII newline characters. When the receiver replies to this email, they may unknowingly leak the plaintext of the encrypted message parts back to the attacker.

**Recommendations**
For versions prior to 1.3.10, update to version 1.3.10 or later to resolve the issue.

PT-2019-12018
4.3
2019-04-07
K 9 Mail · K-9 Mail · CVE-2019-10741
**Name of the Vulnerable Software and Affected Versions**
K-9 Mail version 5.600

**Description**
The issue allows an attacker to include the original quoted HTML code of a specially crafted email within reply messages. This can contain conditional statements that display different text when opened in a different email client. An attacker can exploit this to obtain valid S/MIME or PGP signatures for arbitrary content.

**Recommendations**
For K-9 Mail version 5.600, at the moment, there is no information about a newer version that contains a fix for this vulnerability.