CVE-2007-1266
Published: 6 March 2007
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
Notes
Author | Note |
---|---|
kees | feature-request not security issue since gpg is fixed with CVE-2007-1263 |