Upstream fixes: http://git.gnome.org/browse/evolution-data-server/commit/?id=969ea449d30be94f92feaa9ae5a18f83e68b2035 http://git.gnome.org/browse/evolution/commit/?id=12256b4f1cc7def560824ed5fb3c506669709a32
These went into 3.5. Precise is 3.2.3-0ubuntu6 and Quantal on 3.4.3-1ubuntu1. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates Status in Evolution Data Server: Fix Released Status in “evolution-data-server” package in Ubuntu: Confirmed Status in “evolution-data-server” package in openSUSE: Unknown Bug description: When using a google calendar in evolution, evolution uses HTTPS. However, certificate correctness is not checked. Using a tool like sslsniff allows to capture user name and password. Given the calendar is periodically updated, it is trivial for an attacker to retrieve user private data when connected to the same local network. To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
