Candidate: CVE-2011-3355
PublicDate: 2019-11-25 23:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3355
Description:
 evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL)
 connection when attempting to store sent email messages into the Sent
 folder, when the Sent folder was located on the remote server. An attacker
 could use this flaw to obtain login credentials of the victim.
Ubuntu-Description: 
Notes: 
 mdeslaur> can't reproduce on natty and maverick. Seems to be 3.x specific
 mdeslaur> when migrating 2.x settings
Bugs: 
 https://bugzilla.gnome.org/show_bug.cgi?id=648277
 https://bugzilla.redhat.com/show_bug.cgi?id=697904
 https://bugzilla.redhat.com/show_bug.cgi?id=707848
Priority: medium
Discovered-by:
Assigned-to: 
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L [7.3 HIGH]

Patches_evolution-data-server:
 upstream: http://git.gnome.org/browse/evolution-data-server/commit/?id=e0ac4d79705c
upstream_evolution-data-server: released (3.1.2)
hardy_evolution-data-server: ignored (reached end-of-life)
lucid_evolution-data-server: not-affected (could not reproduce)
maverick_evolution-data-server: not-affected (could not reproduce)
natty_evolution-data-server: not-affected (could not reproduce)
oneiric_evolution-data-server: not-affected (3.2.0-0ubuntu1)
devel_evolution-data-server: not-affected (3.2.1-0ubuntu1)