[ubuntu/xenial-security] evolution-data-server 3.18.5-1ubuntu1.2 (Accepted)

Alex Murray alex.murray at canonical.com
Thu May 30 11:12:19 UTC 2019


evolution-data-server (3.18.5-1ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: GPG email signature spoofing
    - debian/patches/CVE-2018-15587-1.patch: Add more strict parsing for
      output from gpg in src/camel/camel-gpg-context.c to ensure signatures
      cannot be spoofed
    - debian/patches/CVE-2018-15587-2.patch: Ensure decrypted output is
      not truncated in src/camel/camel-gpg-context.c
    - debian/patches/CVE-2018-15587-3.patch: Fix incomplete upstream patch in
      src/camel/camel-gpg-context.c to ensure the entire message is read

Date: 2019-05-28 12:16:14.365200+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/evolution-data-server/3.18.5-1ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list