USN-3998-1 evolution-data-server vulnerability

Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted...

Fedora Update for evolution-data-server FEDORA-2019-3a2cc6a0b9

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 29 : evolution-data-server / evolution-ews (2019-3a2cc6a0b9)

Security fix for CVE-2019-3890 - SSL Certificates are not validated Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

[SECURITY] Fedora 29 Update: evolution-data-server-3.30.5-2.fc29

The evolution-data-server package provides a unified backend for programs t hat work with contacts, tasks, and calendar information. It was originally developed for Evolution hence the name, but is now used by other packages...

Fedora 28 : evolution / evolution-data-server / evolution-ews (2018-1434efb8f3)

Update to 3.28.4 upstream release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

GNOME security, bug fix, and enhancement update

PackageKit 1.1.10-1.0.1 - remove PackageKit-0.3.8-Fedora-Vendor.conf.patch 1.1.10-1 - New upstream release - Resolves: 1576494 accountsservice 0.6.50-2 - Fix user switching Resolves: 1597350 0.6.50-1 - Update to 0.6.50 Related: 1576538 Related: 1596735 Related: 1602918 0.6.49-1 - Update to 0.6.49...

Ubuntu 14.04 LTS / 16.04 LTS : Evolution Data Server vulnerability (USN-3724-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3724-1 advisory. Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support...

Ubuntu: Security Advisory (USN-3724-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3724-1 evolution-data-server vulnerability

Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL...

USN-3724-1: Evolution Data Server vulnerability

Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL...

[SECURITY] [DLA 1443-1] evolution-data-server security update

Package : evolution-data-server Version : 3.12.9git20141128.5242b0-2+deb8u4 CVE IDs : CVE-2016-10727 It was discovered that there was a protocol implementation error in evolution-data-server where "STARTTLS not supported" errors from IMAP servers were ignored leading to the use of insecure...

DLA-1443-1 evolution-data-server - security update

Bulletin has no description...

Debian: Security Advisory (DLA-1443-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 28 Update: evolution-data-server-3.28.4-1.fc28

The evolution-data-server package provides a unified backend for programs t hat work with contacts, tasks, and calendar information. It was originally developed for Evolution hence the name, but is now used by other packages...

Fedora Update for evolution-data-server FEDORA-2018-1434efb8f3

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Code injection

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...

DEBIAN-CVE-2016-10727

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...

CVE-2016-10727

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...

CVE-2016-10727

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...

CVE-2016-10727

Evolution Data Server’s IMAPx component (camel-imapx-server.c) before version 3.21.2 allows plaintext transmission when a client requests STARTTLS but the server does not use STARTTLS, enabling password sniffing over the network. Root cause: incorrect handling that should have error-terminated th...