UBUNTU-CVE-2019-10735
- Source
- https://ubuntu.com/security/CVE-2019-10735
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10735.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-10735
- Upstream
- Published
- 2019-04-07T15:29:00Z
- Modified
- 2025-09-08T16:45:23Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / claws-mail
Package
- Name
- claws-mail
- Purl
- pkg:deb/ubuntu/claws-mail@3.13.2-1ubuntu1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.12.0-1ubuntu1
3.12.0-1ubuntu2
3.13.1-1.1ubuntu1
3.13.1-1.1ubuntu2
3.13.1-1.1ubuntu3
3.13.2-1ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_name": "claws-mail",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-acpi-notifier",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-address-keeper",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-archiver-plugin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-attach-remover",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-attach-warner",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-bogofilter",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-bsfilter-plugin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-clamd-plugin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-extra-plugins",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-fancy-plugin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-feeds-reader",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-fetchinfo-plugin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-gdata-plugin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-i18n",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-libravatar",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-mailmbox-plugin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-managesieve",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-multi-notifier",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-newmail-plugin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-pdf-viewer",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-perl-filter",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-pgpinline",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-pgpmime",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-plugins",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-python-plugin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-smime-plugin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-spam-report",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-spamassassin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-tnef-parser",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-tools",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "claws-mail-vcalendar-plugin",
"binary_version": "3.13.2-1ubuntu1"
},
{
"binary_name": "libclaws-mail-dev",
"binary_version": "3.13.2-1ubuntu1"
}
]
}
Ubuntu:Pro:18.04:LTS / claws-mail
Package
- Name
- claws-mail
- Purl
- pkg:deb/ubuntu/claws-mail@3.16.0-1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "claws-mail",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-acpi-notifier",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-address-keeper",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-archiver-plugin",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-attach-remover",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-attach-warner",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-bogofilter",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-bsfilter-plugin",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-clamd-plugin",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-extra-plugins",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-feeds-reader",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-fetchinfo-plugin",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-gdata-plugin",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-i18n",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-libravatar",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-mailmbox-plugin",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-managesieve",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-multi-notifier",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-newmail-plugin",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-pdf-viewer",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-perl-filter",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-pgpinline",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-pgpmime",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-plugins",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-python-plugin",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-smime-plugin",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-spam-report",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-spamassassin",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-tnef-parser",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-tools",
"binary_version": "3.16.0-1"
},
{
"binary_name": "claws-mail-vcalendar-plugin",
"binary_version": "3.16.0-1"
},
{
"binary_name": "libclaws-mail-dev",
"binary_version": "3.16.0-1"
}
]
}
Ubuntu:Pro:20.04:LTS / claws-mail
Package
- Name
- claws-mail
- Purl
- pkg:deb/ubuntu/claws-mail@3.17.5-2?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "claws-mail",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-acpi-notifier",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-address-keeper",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-archiver-plugin",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-attach-remover",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-attach-warner",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-bogofilter",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-bsfilter-plugin",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-clamd-plugin",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-dillo-viewer",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-extra-plugins",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-feeds-reader",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-fetchinfo-plugin",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-gdata-plugin",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-i18n",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-libravatar",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-litehtml-viewer",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-mailmbox-plugin",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-managesieve",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-multi-notifier",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-newmail-plugin",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-pdf-viewer",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-perl-filter",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-pgpinline",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-pgpmime",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-plugins",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-smime-plugin",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-spam-report",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-spamassassin",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-tnef-parser",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-tools",
"binary_version": "3.17.5-2"
},
{
"binary_name": "claws-mail-vcalendar-plugin",
"binary_version": "3.17.5-2"
},
{
"binary_name": "libclaws-mail-dev",
"binary_version": "3.17.5-2"
}
]
}
Ubuntu:22.04:LTS / claws-mail
Package
- Name
- claws-mail
- Purl
- pkg:deb/ubuntu/claws-mail@4.0.0-3?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "claws-mail",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-acpi-notifier",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-address-keeper",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-archiver-plugin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-attach-remover",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-attach-warner",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-bogofilter",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-bsfilter-plugin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-clamd-plugin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-dillo-viewer",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-extra-plugins",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-fancy-plugin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-feeds-reader",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-fetchinfo-plugin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-gdata-plugin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-i18n",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-libravatar",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-litehtml-viewer",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-mailmbox-plugin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-managesieve",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-multi-notifier",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-newmail-plugin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-pdf-viewer",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-perl-filter",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-pgpinline",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-pgpmime",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-plugins",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-python-plugin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-smime-plugin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-spam-report",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-spamassassin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-tnef-parser",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-tools",
"binary_version": "4.0.0-3"
},
{
"binary_name": "claws-mail-vcalendar-plugin",
"binary_version": "4.0.0-3"
},
{
"binary_name": "libclaws-mail-dev",
"binary_version": "4.0.0-3"
}
]
}
Ubuntu:24.04:LTS / claws-mail
Package
- Name
- claws-mail
- Purl
- pkg:deb/ubuntu/claws-mail@4.2.0-2build7?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.1.1-4
4.1.1-4build1
4.2.0-1
4.2.0-1ubuntu1
4.2.0-2
4.2.0-2build6
4.2.0-2build7
Ecosystem specific
{
"binaries": [
{
"binary_name": "claws-mail",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-acpi-notifier",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-address-keeper",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-archiver-plugin",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-attach-remover",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-attach-warner",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-bogofilter",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-bsfilter-plugin",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-clamd-plugin",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-dillo-viewer",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-extra-plugins",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-fancy-plugin",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-feeds-reader",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-fetchinfo-plugin",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-i18n",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-keyword-warner",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-libravatar",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-litehtml-viewer",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-mailmbox-plugin",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-managesieve",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-multi-notifier",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-newmail-plugin",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-pdf-viewer",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-perl-filter",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-pgpinline",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-pgpmime",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-plugins",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-python-plugin",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-smime-plugin",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-spam-report",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-spamassassin",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-tnef-parser",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-tools",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "claws-mail-vcalendar-plugin",
"binary_version": "4.2.0-2build7"
},
{
"binary_name": "libclaws-mail-dev",
"binary_version": "4.2.0-2build7"
}
]
}
Ubuntu:25.04 / claws-mail
Package
- Name
- claws-mail
- Purl
- pkg:deb/ubuntu/claws-mail@4.3.1-1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "claws-mail",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-acpi-notifier",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-address-keeper",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-archiver-plugin",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-attach-remover",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-attach-warner",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-bogofilter",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-bsfilter-plugin",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-clamd-plugin",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-dillo-viewer",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-extra-plugins",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-fancy-plugin",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-feeds-reader",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-fetchinfo-plugin",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-i18n",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-keyword-warner",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-libravatar",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-litehtml-viewer",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-mailmbox-plugin",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-managesieve",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-multi-notifier",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-newmail-plugin",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-pdf-viewer",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-perl-filter",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-pgpinline",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-pgpmime",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-plugins",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-python-plugin",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-smime-plugin",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-spam-report",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-spamassassin",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-tnef-parser",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-tools",
"binary_version": "4.3.1-1"
},
{
"binary_name": "claws-mail-vcalendar-plugin",
"binary_version": "4.3.1-1"
},
{
"binary_name": "libclaws-mail-dev",
"binary_version": "4.3.1-1"
}
]
}