[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1766-1] evolution security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : evolution
Version        : 3.12.9~git20141130.241663-1+deb8u1
CVE ID         : CVE-2018-15587
Debian Bug     : 924616


Hanno Böck discovered that GNOME Evolution is prone to OpenPGP
signatures being spoofed for arbitrary messages using a specially
crafted HTML email. This issue was mitigated by moving the security
bar with encryption and signature information above the message headers.

For Debian 8 "Jessie", this problem has been fixed in version
3.12.9~git20141130.241663-1+deb8u1.

We recommend that you upgrade your evolution packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
Jonas Meurer
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlzDc9gACgkQUmLn/0kQ
Sf4iIQ//Zw2B4SDffgH29PdmnGRxFrwkiHYicVL2+8tAekfMTdXzIYAVzKgocD4+
Z37+u3PEhmww+eMEgouhKjBgMU9ikEzpW7j+3VM3qLvOOJYrk8rgIZ1N0GZrmFbt
TbMHdkIRSo1W7lkfXaGIIaThaV4UlVQdo4GquXlbgxslUp4Ak2GSF94lMu6Clog7
st8/teDGtMwiFjoRwNP1ZAkx5wvDSNeOpiz4iw3Qooh1ufpVeA7j5L3mouNXhrdt
KHn0nZFHzynEOcqAmVL7vmEcfvYC439ku5buhqSw5fHKAOqkUcZ8As2TWGeH5WE6
SHZTHndzZZWXcn5FILqg19Zc3XE3VsWP43fesSngW6uleo8Do9PzAanSjasZm6J7
UHVRbhOVHBgXLZfwO6kcSSyl6kvW7GEuw1qzitZ0AqQ4ptu3GKZq53s6MUFIZ8WF
JZqcVT532/5gbxFlWPdqWMOCTyFNZEIk75fGIWP8OzBAgDDIVEKpPWmjybXmg0nM
hZAH4mRdwa8tSSmAW7ttVUdfW0LweNpMtb39RxqVgTLaAIVPQF9c2CIIJvgQW7wk
+S9k+irWJovGV+oOk+iF/3K9bVsHPBJ75gKhinBb0a80U8gLHltGFlSPCsS7p+pd
omk/rzFSiR1hnNIIKwqCGbWwjtZ6N3/Uu1TzoXMboZ2H5YOf3s8=
=/LNe
-----END PGP SIGNATURE-----
Reply to: