Security Vulnerability with GNOME-Evolution

Suryadevara, Revanth Revanth.Suryadevara at arcserve.com
Tue Sep 15 07:11:51 BST 2020


Hi,

We have a system running on Debian 10 with GNOME Evolution v3.30.5-1.1 installed along with other packages.

Security Vulnerability with GNOME Evolution v3.30.5-1.1:

THREAT:
GNOME Evolution is prone to an information disclosure vulnerability: using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.
Affected Version:
GNOME Evolution before 3.35.91

IMPACT:
Successful exploitation of this issue will lead to information disclosure.

SOLUTION:
Upgrading to 3.35.91 or to the latest version of GNOME Evolution (http://www.gnome.org/projects/evolution/) would resolve this Vulnerability.


When can we expect the latest version of GNOME Evolution to be available in Debian 10?


Thanks,
Revanth.
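
A defensive check for the mailto behaviour described in this message, added here as an example; it is not part of the original e-mail and is not Evolution's or Debian's code. It strips the non-RFC6068 `attach` field from mailto links before they are handed to a mail client; the names `sanitize_mailto` and `BLOCKED_HFNAMES` and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Header-field names to strip. "attach" is the parameter named in the report
# above; the set itself is an assumption of this example and can be extended.
BLOCKED_HFNAMES = {"attach"}


def sanitize_mailto(uri):
    """Return (clean_uri, removed), where removed lists the stripped hfields.

    Non-mailto URIs are returned unchanged with an empty list.
    """
    parts = urlsplit(uri)
    if parts.scheme.lower() != "mailto":
        return uri, []
    kept, removed = [], []
    # RFC 6068 separates hfields with "&"; each one is "hfname=hfvalue".
    for field in parts.query.split("&"):
        if not field:
            continue
        name = field.split("=", 1)[0]
        # Decode and lower-case the name before comparing, so "ATTACH" and
        # percent-encoded spellings of the name are caught as well.
        if unquote(name).strip().lower() in BLOCKED_HFNAMES:
            removed.append(field)
        else:
            kept.append(field)
    clean = "mailto:" + parts.path
    if kept:
        clean += "?" + "&".join(kept)
    if parts.fragment:
        clean += "#" + parts.fragment
    return clean, removed


# Constructed sample links (not taken from any real page).
SAMPLES = [
    "mailto:user@example.com?subject=hi&attach=.",
    "mailto:user@example.com?ATTACH=.",
    "mailto:user@example.com?subject=attach=.",
]

if __name__ == "__main__":
    for link in SAMPLES:
        clean, removed = sanitize_mailto(link)
        print(f"{link!r} -> {clean!r} (removed: {removed})")
```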



More information about the pkg-gnome-maintainers mailing list