evolution is vulnerable to signature verification bypass. A “Valid signature” message is produced for an unknown identifier on a previously trusted key as the applcation does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior.
CPE | Name | Operator | Version |
---|---|---|---|
evolution:3.13 | eq | 3.38.3-r0 |