CVE-2020-11879

Priority
Description
An issue was discovered in GNOME Evolution before 3.35.91. By using the
proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or
other source of mailto links) can make Evolution attach local files or
directories to a composed email message without showing a warning to the
user, as demonstrated by an attach=. value.
Notes
Package
Upstream:released (3.36.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):needed
Ubuntu 20.10 (Groovy Gorilla):needed
More Information

Updated: 2020-09-09 23:34:46 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)