Your message dated Wed, 18 Feb 2026 18:36:07 +0000
with message-id <[email protected]>
and subject line Bug#1128332: fixed in evolution-data-server 3.56.2-8
has caused the Debian Bug report #1128332,
regarding evolution-data-server: CVE-2026-2604
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1128332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128332
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: evolution-data-server
Version: 3.56.2-7
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/627
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for evolution-data-server.
CVE-2026-2604[0]:
| Canonicalize path before local cache file removal
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-2604
https://www.cve.org/CVERecord?id=CVE-2026-2604
[1] https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/627
[2]
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/afa12b6ba502e5acaa431415aa3b939ddb377382
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: evolution-data-server
Source-Version: 3.56.2-8
Done: Jeremy Bícha <[email protected]>
We believe that the bug you reported is fixed in the latest version of
evolution-data-server, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy Bícha <[email protected]> (supplier of updated evolution-data-server
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 18 Feb 2026 13:06:56 -0500
Source: evolution-data-server
Built-For-Profiles: noudeb
Architecture: source
Version: 3.56.2-8
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers
<[email protected]>
Changed-By: Jeremy Bícha <[email protected]>
Closes: 1128332
Changes:
evolution-data-server (3.56.2-8) unstable; urgency=high
.
[ Marc Deslauriers ]
* SECURITY UPDATE: Insecure local cache file removal
- debian/patches/CVE-2026-2604.patch: canonicalize path before local
cache file removal in
src/addressbook/backends/file/e-book-backend-file.c,
src/addressbook/libedata-book/e-book-meta-backend.c,
src/calendar/libedata-cal/e-cal-cache.c,
src/libedataserver/e-data-server-util.c,
src/libedataserver/e-data-server-util.h,
tests/libedataserver/libedataserver-test.c.
- debian/libedataserver-1.2-27t64.symbols: added new symbol
- CVE-2026-2604 (Closes: #1128332)
.
[ Jeremy Bícha ]
* Update Standards Version to 4.7.3
* Remove obsolete Lintian override
Checksums-Sha1:
3e53a474b755340c4fc526c5ea56f747193d28f3 5783
evolution-data-server_3.56.2-8.dsc
399cde8f35a90abec61c1676943e6ec1068d02f1 62920
evolution-data-server_3.56.2-8.debian.tar.xz
79623d7751647ad56bb521a9e432f94a3e7bebd4 11692
evolution-data-server_3.56.2-8_source.buildinfo
Checksums-Sha256:
1c0aea2022f3fb1eb311540989aada4eb5352ea9c7e969bfa2aca39da68b53c4 5783
evolution-data-server_3.56.2-8.dsc
5d0600a2ae1cd97761e268f9d216af63c9f8b6f798aadd8f28beb92a87194316 62920
evolution-data-server_3.56.2-8.debian.tar.xz
91bbe6f9edbfb392c3d3c8676a1b595673081811654c8d20aeaa96431f2f229d 11692
evolution-data-server_3.56.2-8_source.buildinfo
Files:
2dc8099df2edf30e471f995cbc7a2c1e 5783 gnome optional
evolution-data-server_3.56.2-8.dsc
ac50a68cb8f9a0f479a82598f59df606 62920 gnome optional
evolution-data-server_3.56.2-8.debian.tar.xz
0772675c1745f8d17706791e400dc652 11692 gnome optional
evolution-data-server_3.56.2-8_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmmWAZUACgkQ5mx3Wuv+
bH04sw/8C5URimRK5bzhOVbSmCRVk8/riwem9vRXvSWbVfjVHtpLHNuRT0ITDqX8
gcT7UKqUbyr/7vajTQmaoKQ1OolwxCDjXK+Pu7zcL7LBBOFakXWzt5DC+RyDZeQW
7QOs7nqbmxP//zgCt6veADsvGtZSCMVzZ/5uo99EQKrZUDP0podZ+i0sYEBwFFBC
5/zwCWJ5qVCOpamKOlxtOwd6r18O7YbaqUa2lFPsSwCtyYQWp3CohpenJIm2klhc
pnhsMZU+2jZ7K0x1N5DUCsvdOmBuOdXheO/ELj2noXxDsTbTKjvEZfJPi7Q+5K4l
MifEFrwW9/YM/88q6XBeQXwUUyUmH8UP/BCZ6cUpUNx2TutfVuYcCPIUqU5t7mV7
uI9UM0bmCi/WbHr9jj9lLSO79BKFImknSqT7WdttvxdH2I4A8YTkPv5z7O4rRJ2Z
BgxhFZizAsnUWQ9f49uM1zzGsJ8FErmi9w9UlLAVkKw3dlsMKqt2wZfJV+DoRofE
9ow7l3q71rgQvOLhWOhZVWeg+M0OeUfy0kRIRsS5jmz8KaIuUg+HWwaN/bYwdv5y
/gg03abkB2dA9ihuPNkNTTx/UB51WvEGAJdswoeoH0FHnELRge6fOjQll1kv5puA
Uk3fdg5bwBuFRRCVWkqOYvuZoFL2Tfr0XTj5lRUxuWmf3f36uuk=
=53FU
-----END PGP SIGNATURE-----
pgp64US2w3TRi.pgp
Description: PGP signature
--- End Message ---
