PublicDateAtUSN: 2019-02-11
Candidate: CVE-2018-15587
PublicDate: 2019-02-11 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15587
 https://ubuntu.com/security/notices/USN-3998-1
Description:
 GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed
 for arbitrary messages using a specially crafted email that contains a valid
 signature from the entity to be impersonated as an attachment.
Ubuntu-Description:
Notes:
 mdeslaur> looks like there are two issues here:
 mdeslaur> #1- evolution shows security bar at bottom of message
 mdeslaur> #2- mail that is not encrypted looks encrypted
Bugs:
 https://gitlab.gnome.org/GNOME/evolution/issues/120
 https://bugzilla.gnome.org/show_bug.cgi?id=796424
 https://gitlab.gnome.org/GNOME/evolution-data-server/issues/3
 https://gitlab.gnome.org/GNOME/evolution-data-server/issues/75
 https://dev.gnupg.org/T4000
Priority: medium
Discovered-by: Hanno Böck (1) and Marcus Brinkmann (2)
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N [6.5 MEDIUM]

Patches_evolution:
 upstream: https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21 (1)
 upstream: https://gitlab.gnome.org/GNOME/evolution/commit/f66cd3e1db301d264563b4222a3574e2e58e2b85 (2)
upstream_evolution: needs-triage
precise/esm_evolution: DNE
trusty_evolution: ignored (reached end-of-life)
trusty/esm_evolution: DNE (trusty was needed)
xenial_evolution: ignored (end of standard support, was needed)
bionic_evolution: needed
cosmic_evolution: ignored (reached end-of-life)
disco_evolution: released (3.31.90-1)
eoan_evolution: released (3.31.90-1)
focal_evolution: released (3.31.90-1)
groovy_evolution: released (3.31.90-1)
hirsute_evolution: released (3.31.90-1)
impish_evolution: released (3.31.90-1)
jammy_evolution: released (3.31.90-1)
devel_evolution: released (3.31.90-1)

Patches_evolution-data-server:
 upstream: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/93306a296c64b48d12c356804f131048643eaa0a (2)
 upstream: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/accb0e2415681565e4dac00cf1c4303c313ad29e (2)
 upstream: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/5cd59aee67450e8750eb3cb2d357d0947f199f61 (2)
upstream_evolution-data-server: needs-triage
precise/esm_evolution-data-server: DNE
trusty_evolution-data-server: ignored (reached end-of-life)
trusty/esm_evolution-data-server: DNE (trusty was needed)
xenial_evolution-data-server: released (3.18.5-1ubuntu1.2)
esm-infra/xenial_evolution-data-server: released (3.18.5-1ubuntu1.2)
bionic_evolution-data-server: released (3.28.5-0ubuntu0.18.04.2)
cosmic_evolution-data-server: released (3.30.5-0ubuntu0.18.10.1)
disco_evolution-data-server: released (3.31.90-1)
eoan_evolution-data-server: released (3.31.90-1)
focal_evolution-data-server: released (3.31.90-1)
groovy_evolution-data-server: released (3.31.90-1)
hirsute_evolution-data-server: released (3.31.90-1)
impish_evolution-data-server: released (3.31.90-1)
jammy_evolution-data-server: released (3.31.90-1)
devel_evolution-data-server: released (3.31.90-1)