CVE-2018-15587

Priority
Description
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed
for arbitrary messages using a specially crafted email that contains a
valid signature from the entity to be impersonated as an attachment.
Notes
 mdeslaur> looks like there are two issues here:
 mdeslaur> #1- evolution shows security bar at bottom of message
 mdeslaur> #2- mail that is not encrypted looks encrypted
Assigned-to
amurray
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):needed
Ubuntu 19.04 (Disco Dingo):released (3.31.90-1)
Ubuntu 19.10 (Eoan):released (3.31.90-1)
Patches:
Upstream:https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21 (1)
Upstream:https://gitlab.gnome.org/GNOME/evolution/commit/f66cd3e1db301d264563b4222a3574e2e58e2b85 (2)
More Information

Updated: 2019-05-30 13:14:17 UTC (commit 5c7011812c8334efa80209d72bcdc863d0757666)