Bug#926712: evolution-ews: CVE-2019-3890

Luca Boccassi bluca at debian.org
Mon Jun 17 11:39:13 BST 2019

On Tue, 9 Apr 2019 15:52:52 +0200 Sylvain Beucler <
beuc at beuc.net
> wrote:
> Package: evolution-ews
> Version: 3.30.5-1
> X-Debbugs-CC: 
team at security.debian.org

> Severity: grave
> Tags: security
> Hi,
> The following vulnerability was published for evolution-ews.
> CVE-2019-3890[0]:
> No description was found (try on a search engine)
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> For further information see:
> [0] 





> Note: depends on evolution-data-server patch
> Cheers!
> Sylvain Beucler / Debian LTS

Dear Maintainers,

I have backported the required patches and tested them on Buster, they
seem to work fine.

I have opened PRs against the 2 repos on Salsa, but they both require a
new debian/buster branch to be created as debian/master has moved on to
new releases:


It would be great if we could have evolution-ews in Buster, as it's the
only way to use exchange/o365 for Debian users.


Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20190617/964d0016/attachment-0001.sig>

More information about the pkg-gnome-maintainers mailing list