[Git][security-tracker-team/security-tracker][master] Track status for CVE-2021-3349

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee57d9cd by Salvatore Bonaccorso at 2021-03-01T09:03:10+01:00
Track status for CVE-2021-3349

This is disputed on GNOME Evolution side, and defered completely by
upsream to GnuPG. Though the reporter claims that GnuPG aleady provides
what would be needed to fix (additionally) in evolution.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2897,7 +2897,13 @@ CVE-2021-3351
 CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...)
 	NOT-FOR-US: Delete Account plugin for MyBB
 CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ...)
-	TODO: check
+	- evolution <unfixed> (unimportant)
+	NOTE: GNOME Evlolution upstreams claims that the issue should be fixed completely
+	NOTE: on the GnuPG side, whilst the reporter claims theat GnuPG provides what is
+	NOTE: needed to adress it on evolution's side.
+	NOTE: https://dev.gnupg.org/T4735
+	NOTE: https://gitlab.gnome.org/GNOME/evolution/-/issues/299
+	NOTE: https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html
 CVE-2021-26538
 	RESERVED
 CVE-2021-26537



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee57d9cd1bb843361df2a79c914f166a57963a47

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee57d9cd1bb843361df2a79c914f166a57963a47
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210301/9faff31a/attachment.htm>