[USN-3998-1] Evolution Data Server vulnerability

Alex Murray alex.murray at canonical.com
Thu May 30 13:04:38 UTC 2019

Ubuntu Security Notice USN-3998-1
May 30, 2019

evolution-data-server vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS


Evolution Data Server would sometimes display email content as encrypted
when it was not.

Software Description:
- evolution-data-server: Evolution suite data server


Marcus Brinkmann discovered that Evolution Data Server did not correctly
interpret the output from GPG when decrypting encrypted messages. Under
certain circumstances, this could result in displaying clear-text portions
of encrypted messages as though they were encrypted.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  evolution-data-server           3.28.5-0ubuntu0.18.04.2
  evolution-data-server-common    3.28.5-0ubuntu0.18.04.2
  libcamel-1.2-61                 3.28.5-0ubuntu0.18.04.2
  libebackend-1.2-10              3.28.5-0ubuntu0.18.04.2
  libedataserver-1.2-23           3.28.5-0ubuntu0.18.04.2

Ubuntu 16.04 LTS:
  evolution-data-server           3.18.5-1ubuntu1.2
  evolution-data-server-common    3.18.5-1ubuntu1.2
  libcamel-1.2-54                 3.18.5-1ubuntu1.2
  libebackend-1.2-10              3.18.5-1ubuntu1.2
  libedataserver-1.2-21           3.18.5-1ubuntu1.2

After a standard system update you need to restart Evolution to make
all the necessary changes.


Package Information:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20190530/cd0eedfc/attachment.sig>

More information about the ubuntu-security-announce mailing list