Bug#926712: evolution-ews: CVE-2019-3890
Luca Boccassi
bluca at debian.org
Mon Jun 17 11:39:13 BST 2019
On Tue, 9 Apr 2019 15:52:52 +0200 Sylvain Beucler <
beuc at beuc.net
> wrote:
> Package: evolution-ews
> Version: 3.30.5-1
> X-Debbugs-CC:
team at security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerability was published for evolution-ews.
>
> CVE-2019-3890[0]:
> No description was found (try on a search engine)
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0]
https://security-tracker.debian.org/tracker/CVE-2019-3890
>
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3890
>
https://gitlab.gnome.org/GNOME/evolution-ews/issues/27
>
https://gitlab.gnome.org/GNOME/evolution-ews/issues/36
>
https://bugzilla.redhat.com/show_bug.cgi?id=1678313
> Note: depends on evolution-data-server patch
>
> Cheers!
> Sylvain Beucler / Debian LTS
Dear Maintainers,
I have backported the required patches and tested them on Buster, they
seem to work fine.
I have opened PRs against the 2 repos on Salsa, but they both require a
new debian/buster branch to be created as debian/master has moved on to
new releases:
https://salsa.debian.org/gnome-team/evolution-data-server/merge_requests/1
https://salsa.debian.org/gnome-team/evolution-ews/merge_requests/2
It would be great if we could have evolution-ews in Buster, as it's the
only way to use exchange/o365 for Debian users.
Thanks!
--
Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20190617/964d0016/attachment-0001.sig>
More information about the pkg-gnome-maintainers
mailing list