Candidate: CVE-2021-3349
PublicDate: 2021-02-01 05:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3349
 https://dev.gnupg.org/T4735
 https://gitlab.gnome.org/GNOME/evolution/-/issues/299
 https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html
Description:
 ** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signature"
 message for an unknown identifier on a previously trusted key because
 Evolution does not retrieve enough information from the GnuPG API. NOTE:
 third parties dispute the significance of this issue, and dispute whether
 Evolution is the best place to change this behavior.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N [3.3 LOW]


Patches_evolution:
upstream_evolution: needs-triage
precise/esm_evolution: DNE
trusty_evolution: ignored (out of standard support)
trusty/esm_evolution: DNE
xenial_evolution: ignored (end of standard support, was needs-triage)
bionic_evolution: needs-triage
focal_evolution: needs-triage
groovy_evolution: ignored (reached end-of-life)
hirsute_evolution: ignored (reached end-of-life)
impish_evolution: needs-triage
jammy_evolution: needs-triage
devel_evolution: needs-triage