Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34c907a0 by Salvatore Bonaccorso at 2019-04-24T18:53:58Z

Do not track evolution-data-server under CVE-2018-15587

This was added back in f6f251cff4801a452acddc3256bbb77e8e4050b8 but the CVE is specific to the OpenPGP signatures being spoofed. Apparently Ubuntu does track the second issue, for email that is not encrypted to look as encrypted, and fixed in evolution-data-server still under this CVE while others (correctly?) do not. Cf. https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15587.html and others still as well relate to evolution-data-server, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1677650#c2 .

- - - - -

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list ===================================== 
@@ -40556,18 +40556,10 @@ CVE-2018-15588 (MailMate before 1.11.3 mishandles a suspicious HTML/MIME structu NOT-FOR-US: MailMate CVE-2018-15587 (GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being sp ...) - evolution <unfixed> (bug #924616) - - evolution-data-server <unfixed> NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/120 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796424 - NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/issues/3 - NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/issues/75 NOTE: https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21 (evolution) NOTE: https://gitlab.gnome.org/GNOME/evolution/commit/f66cd3e1db301d264563b4222a3574e2e58e2b85 (evolution) - NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/93306a296c64b48d12c356804f131048643eaa0a (evolution-data-server) - NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/accb0e2415681565e4dac00cf1c4303c313ad29e (evolution-data-server) - NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/5cd59aee67450e8750eb3cb2d357d0947f199f61 (evolution-data-server) - NOTE: The CVE is about signature spoofing and only affects evolution (issue #120) - NOTE: The other issues (encryption spoofing) are unrelated and have low(er) severity. CVE-2018-15586 (Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed ...) - enigmail 2:2.0.6.1-2 [jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34c907a0fb48667022f6b16fef327318a8f1ada8
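Review bot: the two explanatory NOTE lines at the end of the removed block ("The CVE is about signature spoofing and only affects evolution (issue #120)" and the one on encryption spoofing) are dropped together with the evolution-data-server entry, which leaves no record in data/CVE/list of why that package is absent under CVE-2018-15587. The commit message says the entry was already added back once in f6f251cff4801a452acddc3256bbb77e8e4050b8, so consider keeping the first of those NOTE lines to make the exclusion visible to the next editor of this entry. With the evolution-data-server issue and commit links removed as well, the encryption-spoofing problem is no longer referenced anywhere in the visible entries; if it is still meant to be tracked, it needs its own entry.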
