[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2018-15587 in data/CVE/list

Jonas Meurer gitlab at salsa.debian.org
Wed Apr 24 15:04:11 BST 2019



Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker


Commits:
32e93f1d by Jonas Meurer at 2019-04-24T14:03:50Z
Update notes for CVE-2018-15587 in data/CVE/list

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40554,6 +40554,8 @@ CVE-2018-15587 (GNOME Evolution through 3.28.2 is prone to OpenPGP signatures be
 	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/93306a296c64b48d12c356804f131048643eaa0a (evolution-data-server)
 	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/accb0e2415681565e4dac00cf1c4303c313ad29e (evolution-data-server)
 	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/5cd59aee67450e8750eb3cb2d357d0947f199f61 (evolution-data-server)
+	NOTE: The CVE is about signature spoofing and only affects evolution (issue #120)
+	NOTE: The other issues (encryption spoofing) are unrelated and have low(er) severity.
 CVE-2018-15586 (Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed  ...)
 	- enigmail 2:2.0.6.1-2
 	[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/32e93f1d6689641dc90e8d21b7bff72aff22f46a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/32e93f1d6689641dc90e8d21b7bff72aff22f46a
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190424/d7f43f11/attachment.html>


More information about the debian-security-tracker-commits mailing list