375 matches found

Debian
added 2020/07/15 8:42 p.m., 42 views

[SECURITY] [DSA 4725-1] evolution-data-server security update

Debian Security Advisory DSA-4725-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 15, 2020 https://www.debian.org/security/faq -...

CVSS 5.9, AI score 5.5, EPSS 0.06354
Exploits: 1

OSV
added 2020/07/15 12:0 a.m., 20 views

DSA-4725-1 evolution-data-server - security update

Bulletin has no description...

CVSS 5.9, AI score 5.9, EPSS 0.06354
Exploits: 1

OSV
added 2020/07/08 12:0 a.m., 0 views

UBUNTU-CVE-2020-14928

evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."...

CVSS 5.9, AI score 6.9, EPSS 0.06354
Exploits: 1, References: 3

UbuntuCve
added 2020/07/08 12:0 a.m., 22 views

CVE-2020-14928

evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."...

CVSS 5.9, AI score 6.8, EPSS 0.06354
Exploits: 1, References: 2

Oracle linux
added 2020/05/05 12:0 a.m., 30 views

evolution security and bug fix update

evolution 3.28.5-12 - Add patch for RH bug 1778799 New Mail account wizard ignores email address change 3.28.5-11 - Update patch for RH bug 1764563 CVE-2018-15587: Reposition signature bar 3.28.5-10 - Add patch for RH bug 1764563 CVE-2018-15587: Reposition signature bar - Add patch for RH bug...

CVSS 6.5, AI score 0.8, EPSS 0.00925
Exploits: 1

Veracode
added 2020/04/10 12:31 a.m., 25 views

Arbitrary Code Execution

evolution is vulnerable to arbitrary code execution. Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by Evolution Data Server. This could cause an application using Evolution Data Server to crash, or, possibly, execute ...

CVSS 7.5, AI score 4.3, EPSS 0.01885
Exploits: 1, References: 27, Affected Software: 3

Veracode
added 2020/04/10 12:31 a.m., 21 views

Denial Of Service (DoS)

evolution is vulnerable to denial of service. It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of it...

CVSS 5.8, AI score 3.2, EPSS 0.03432
Exploits: 1, References: 25, Affected Software: 3

Tenable Nessus
added 2020/04/10 12:0 a.m., 59 views

CentOS 7 : evolution (RHSA-2020:1080)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1080 advisory. - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a...

CVSS 8.1, AI score 7.3, EPSS 0.00925
Exploits: 1, References: 3

Oracle linux
added 2020/04/06 12:0 a.m., 363 views

evolution security and bug fix update

atk 2.28.1-2 - Remove patch to fix invalid unref at atk_gobject_accessible_object_gone_cb - Resolves: 1753123 evolution 3.28.5-8 - Update patch for RH bug 1686408 CVE-2018-15587: Reposition signature bar 3.28.5-7 - Add patch for RH bug 1686408 CVE-2018-15587: Reposition signature bar 3.28.5-6 - Add...

CVSS 8.1, AI score 0.9, EPSS 0.00925
Exploits: 1

OSV
added 2020/02/06 3:15 p.m., 1 views

DEBIAN-CVE-2013-4166

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

CVSS 7.5, AI score 7.1, EPSS 0.01005
Exploits: 0, References: 1

Debian CVE
added 2020/02/06 2:29 p.m., 104 views

CVE-2013-4166

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

CVSS 7.5, AI score 7.4, EPSS 0.01005
Exploits: 0

Cvelist
added 2020/02/06 2:29 p.m., 20 views

CVE-2013-4166

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

AI score 7.3, EPSS 0.01005
Exploits: 0, References: 5

NVD
added 2019/11/25 11:15 p.m., 16 views

CVE-2011-3355

evolution-data-server3 3.0.3 through 3.2.1 used insecure non-SSL connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim...

CVSS 7.3, AI score 7.1, EPSS 0.00211
Exploits: 1, References: 5

UbuntuCve
added 2019/11/25 11:15 p.m., 18 views

CVE-2011-3355

evolution-data-server3 3.0.3 through 3.2.1 used insecure non-SSL connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim...

CVSS 7.3, AI score 7.2, EPSS 0.00211
Exploits: 1, References: 1

Prion
added 2019/11/25 11:15 p.m., 15 views

Design/Logic Flaw

evolution-data-server3 3.0.3 through 3.2.1 used insecure non-SSL connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim...

CVSS 4.3, AI score 7, EPSS 0.00211
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2019/11/25 10:30 p.m., 17 views

CVE-2011-3355

evolution-data-server3 3.0.3 through 3.2.1 used insecure non-SSL connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim...

AI score 7.1, EPSS 0.00211
Exploits: 1, References: 5

CVE
added 2019/11/25 10:30 p.m., 42 views

CVE-2011-3355

CVE-2011-3355 affects evolution-data-server3 versions 3.0.3 through 3.2.1. The flaw is an insecure non-SSL connection when storing sent email messages into the Sent folder located on a remote server, which could allow an attacker to obtain login credentials. Connected documents corroborate the sa...

CVSS 7.3, AI score 7, EPSS 0.00211
Exploits: 1, References: 5, Affected Software: 1

Oracle linux
added 2019/11/14 12:0 a.m., 19 views

evolution security and bug fix update

evolution 3.28.5-9 - Add patch for RH bug 1724984 ECompEditor Ensure attendee changes stored before save 3.28.5-8 - Add patch for RH bug 1724659 Make sure intltool-merge cache is created only once 3.28.5-7 - Add patch for RH bug 1724232 Help Contents F1 has a bad link to GNOME site...

CVSS 8.1, AI score 0.1, EPSS 0.00103
Exploits: 0

OpenVAS
added 2019/05/31 12:0 a.m., 36 views

Ubuntu: Security Advisory (USN-3998-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5, AI score 7, EPSS 0.00925
Exploits: 1, References: 2

Tenable Nessus
added 2019/05/31 12:0 a.m., 22 views

Ubuntu 16.04 LTS / 18.04 LTS : Evolution Data Server vulnerability (USN-3998-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3998-1 advisory. Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certa...

CVSS 6.5, AI score 7, EPSS 0.00925
Exploits: 1, References: 2