[SECURITY] [DLA 1443-1] evolution-data-server security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : evolution-data-server
Version : 3.12.9~git20141128.5242b0-2+deb8u4
CVE IDs : CVE-2016-10727
It was discovered that there was a protocol implementation error in
evolution-data-server where "STARTTLS not supported" errors from IMAP
servers were ignored leading to the use of insecure connections without
the user's knowledge or consent.
For Debian 8 "Jessie", this issue has been fixed in evolution-data-server
version 3.12.9~git20141128.5242b0-2+deb8u4.
We recommend that you upgrade your evolution-data-server packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAltYC6MACgkQHpU+J9Qx
HliOqA/+NcP9dzBck3aynMmcZK3gvNrIzcr55oHICzd7nOirNLoruPr2ZErdPFHT
LfB6rJBG32rqMDGDZafo5k8zggduBSMpw2ZEXjzFMTRpVqpHIYDJAgMR956otVOO
1htoXEYe0vPzx3W7GzejkiezmiG0yZOAsOzZj5OCu1kpl9otn5z5DxOJYQtPsO6x
EUNH6ulcyB6OXg0eiUmdl+Ubqm0plNZXWBJ+KDTpr4agj7FPbLIt88TA94e5g8Y0
1JfPd/mJvVDrkZtUs/5jPH+MUIiJtZ7+xEExnbPuIjZOz4EfbDuXwfWFuX93lrVL
6PSuMECgYZrRsjdn8BAHcdCyodTOO5JgZ9ivmP1Q4kZHC+AiBMG66g6kicVsF/D8
EXKYso5Sn/DCdK1U0hIY0rRibl8erJ82W9OCJOx4u4RaOmwyNzs5Lsh/8fBp5yrf
24Jyqy/2YcVnfHuUaASFMpuKjFGC2keMmc52ZTeVnZaTaV4/VlAeoiEzCEAnxgHk
AOlESYzUJWLDRBbnplUM2CX8ZvDuZ3LCD5E/m4MaaTHTh/2KsZ+Blsw2q4/xn/hh
19Eq5JeXC0J+tEhBUJhZ7302E+sIpuPguYVaZ0MPWxloNLqf09OjW7lgzQlQHX5I
5pC+Yc7vfoBhrtV/x727b4V/p5aMdP50/rFz61aHBzGHqjebIq0=
=kP3R
-----END PGP SIGNATURE-----
Reply to: