[Git][security-tracker-team/security-tracker][master] Do not track evolution-data-server under CVE-2018-15587
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 24 19:57:55 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34c907a0 by Salvatore Bonaccorso at 2019-04-24T18:53:58Z
Do not track evolution-data-server under CVE-2018-15587
This was added back in f6f251cff4801a452acddc3256bbb77e8e4050b8 but the
CVE is specific to the OpenPGP signatures being spoofed.
Apparently Ubuntu does track the second issue, for email that is not
encrypted to look as encrypted, and fixed in evolution-data-server still
under this CVE while others (correctly?) do not.
Cf.
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15587.html
and others still as well relate to evolution-data-server, cf
https://bugzilla.redhat.com/show_bug.cgi?id=1677650#c2 .
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40556,18 +40556,10 @@ CVE-2018-15588 (MailMate before 1.11.3 mishandles a suspicious HTML/MIME structu
NOT-FOR-US: MailMate
CVE-2018-15587 (GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being sp ...)
- evolution <unfixed> (bug #924616)
- - evolution-data-server <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/120
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796424
- NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/issues/3
- NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/issues/75
NOTE: https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21 (evolution)
NOTE: https://gitlab.gnome.org/GNOME/evolution/commit/f66cd3e1db301d264563b4222a3574e2e58e2b85 (evolution)
- NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/93306a296c64b48d12c356804f131048643eaa0a (evolution-data-server)
- NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/accb0e2415681565e4dac00cf1c4303c313ad29e (evolution-data-server)
- NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/5cd59aee67450e8750eb3cb2d357d0947f199f61 (evolution-data-server)
- NOTE: The CVE is about signature spoofing and only affects evolution (issue #120)
- NOTE: The other issues (encryption spoofing) are unrelated and have low(er) severity.
CVE-2018-15586 (Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed ...)
- enigmail 2:2.0.6.1-2
[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
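Review bot: the two explanatory NOTE lines at the end of the CVE-2018-15587 entry ("The CVE is about signature spoofing and only affects evolution (issue #120)" and the one on encryption spoofing) are removed along with the evolution-data-server line, so the entry no longer records why evolution-data-server is excluded. The commit message says the package was already added back once and that Ubuntu still tracks it under this CVE, so keeping the first NOTE, or an equivalent one naming evolution-data-server, would help prevent it from being re-added. The removal also drops every reference to evolution-data-server issues 3 and 75 and the three fix commits; if the encryption-spoofing issue is to be followed at all, those links should be recorded wherever it is tracked rather than lost.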
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34c907a0fb48667022f6b16fef327318a8f1ada8