#11684: Generate a security patch for Evolution CVE-2018-15587
-------------------------+-----------------------
Reporter: renodr | Owner: blfs-book
Type: enhancement | Status: new
Priority: normal | Milestone: 8.5
Component: BOOK | Version: SVN
Severity: normal | Keywords:
-------------------------+-----------------------
I was just emailed privately by an Arch Linux developer regarding
CVE-2018-15587 in Evolution, and two vulnerabilities in GDM (I'll file a
separate ticket for that).
{{{
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being
spoofed for arbitrary messages using a specially crafted email that
contains a valid signature from the entity to be impersonated as an
attachment.
}}}
{{{
You can find a patch here:
[https://gitlab.gnome.org/GNOME/evolution/issues/120
[https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21]
There is a possibility that you might not be able to backport it to 3.30
though, but I figured I would give you a heads up.
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/11684>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
