Package: evolution
Version: 3.18.0-2
Severity: important
Control: found -1 3.12.9~git20141130.241663-1

Hi,

Evolution displays HTML messages by default, but (as far as I understand) the engine used to do so is not well-maintained security-wise. [1] was mentioned on IRC.

Please consider disabling rendering of HTML by default. Currently users can disable this manually: Edit -> Preferences -> Mail Preferences -> HTML Messages -> Plain Text Mode: HTML Mode -> Only ever show plain text.

If you consider this request valid, it might also make sense to implement the same change in Jessie. I marked the bug as found in Jessie's version of evolution to keep track of this.

Ansgar

[1] <https://bugzilla.gnome.org/show_bug.cgi?id=751588#c3>