[Git][security-tracker-team/security-tracker][master] mark efail as unimportant for evolution

Yves-Alexis Perez corsac at debian.org
Mon Aug 20 13:51:31 BST 2018 

Yves-Alexis Perez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b6ee29a by Yves-Alexis Perez at 2018-08-20T12:51:06Z
mark efail as unimportant for evolution

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -35836,7 +35836,7 @@ CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) ..
 	- thunderbird <unfixed> (bug #898631)
 	[stretch] - thunderbird <postponed> (Wait until fixed in upstream release)
 	[jessie] - thunderbird <postponed> (Wait until fixed in upstream release)
-	- evolution <unfixed> (bug #898633)
+	- evolution <unfixed> (bug #898633; unimportant)
 	- kmail <unfixed> (bug #898634)
 	- kf5-messagelib <unfixed> (bug #899127)
 	[stretch] - kf5-messagelib <no-dsa> (Defaults to secure handling, change to disable it entirely can be fixed via spu)
@@ -35845,6 +35845,7 @@ CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) ..
 	NOTE: https://efail.de
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796135
 	NOTE: https://dot.kde.org/2018/05/15/efail-and-kmail
+	NOTE: protocol vulnerability can't be fixed in implementations but they can't prevent exploitation by disabling loading of remote content
 CVE-2017-17688 (** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode ...)
 	- enigmail <unfixed> (bug #898630)
 	NOTE: vulnerability is in the clients handling, not in OpenPGP



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b6ee29a5e8f1cd055f750514271d21c527c9624

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b6ee29a5e8f1cd055f750514271d21c527c9624
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180820/b205b182/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list