Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ee57d9cd by Salvatore Bonaccorso at 2021-03-01T09:03:10+01:00
Track status for CVE-2021-3349
This is disputed on GNOME Evolution side, and defered completely by
upsream to GnuPG. Though the reporter claims that GnuPG aleady provides
what would be needed to fix (additionally) in evolution.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2897,7 +2897,13 @@ CVE-2021-3351
CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB
allows XSS ...)
NOT-FOR-US: Delete Account plugin for MyBB
CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid
signat ...)
- TODO: check
+ - evolution <unfixed> (unimportant)
+ NOTE: GNOME Evlolution upstreams claims that the issue should be fixed
completely
+ NOTE: on the GnuPG side, whilst the reporter claims theat GnuPG
provides what is
+ NOTE: needed to adress it on evolution's side.
+ NOTE: https://dev.gnupg.org/T4735
+ NOTE: https://gitlab.gnome.org/GNOME/evolution/-/issues/299
+ NOTE: https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html
CVE-2021-26538
RESERVED
CVE-2021-26537
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee57d9cd1bb843361df2a79c914f166a57963a47
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee57d9cd1bb843361df2a79c914f166a57963a47
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
