Candidate: CVE-2009-0547
PublicDate: 2009-02-12 23:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0547
Description:
 Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail
 text within a signed-data blob, not the copy of the e-mail text displayed
 to the user, which allows remote attackers to spoof a signature by
 modifying the latter copy, a different vulnerability than CVE-2008-5077.
Ubuntu-Description:
Notes:
 mdeslaur> Patch for CVE-2009-0547 introduces a regression. See links for
 mdeslaur> fix.
Bugs:
 http://bugzilla.gnome.org/show_bug.cgi?id=564465
 http://bugs.gentoo.org/show_bug.cgi?id=258867
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0547
 https://bugzilla.redhat.com/show_bug.cgi?id=492852
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533386
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_evolution-data-server:
 upstream: http://svn.gnome.org/viewvc/evolution-data-server?view=revision&revision=10106
 upstream: http://svn.gnome.org/viewvc/evolution-data-server?view=revision&revision=10194 (fix for regression)
upstream_evolution-data-server: released (2.26.0)
dapper_evolution-data-server: ignored (reached end-of-life)
gutsy_evolution-data-server: needed (reached end-of-life)
hardy_evolution-data-server: ignored (reached end-of-life)
intrepid_evolution-data-server: needed (reached end-of-life)
jaunty_evolution-data-server: not-affected (2.26.1-0ubuntu2)
karmic_evolution-data-server: not-affected
lucid_evolution-data-server: not-affected
maverick_evolution-data-server: not-affected
natty_evolution-data-server: not-affected
devel_evolution-data-server: not-affected