UbuntuUpdates.org

Package "evolution-data-server-common"

Name: evolution-data-server-common

Description:

architecture independent files for Evolution Data Server

Latest version: 3.18.5-1ubuntu1.3
Release: xenial (16.04)
Level: security
Repository: main
Head package: evolution-data-server
Homepage: https://wiki.gnome.org/Apps/Evolution

Links


Download "evolution-data-server-common"


Other versions of "evolution-data-server-common" in Xenial

Repository Area Version
base main 3.18.5-1ubuntu1
updates main 3.18.5-1ubuntu1.3

Changelog

Version: 3.18.5-1ubuntu1.3 2020-07-22 14:06:18 UTC

  evolution-data-server (3.18.5-1ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: STARTTLS response injection
    - debian/patches/CVE-2020-14928-1.patch: truncate cached data in
      camel/camel-stream-buffer.c, camel/camel-stream-buffer.h,
      camel/providers/pop3/camel-pop3-store.c,
      camel/providers/pop3/camel-pop3-stream.c,
      camel/providers/pop3/camel-pop3-stream.h,
      camel/providers/smtp/camel-smtp-transport.c.
    - debian/patches/CVE-2020-14928-2.patch: rename function in
      camel/camel-stream-buffer.c, camel/camel-stream-buffer.h,
      camel/providers/pop3/camel-pop3-store.c,
      camel/providers/pop3/camel-pop3-stream.c,
      camel/providers/pop3/camel-pop3-stream.h,
      camel/providers/smtp/camel-smtp-transport.c.
    - debian/libcamel-1.2-54.symbols: added new symbol.
    - CVE-2020-14928

 -- Marc Deslauriers <email address hidden> Wed, 08 Jul 2020 09:49:50 -0400

Source diff to previous version
CVE-2020-14928 evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds

Version: 3.18.5-1ubuntu1.2 2019-05-30 13:06:55 UTC

  evolution-data-server (3.18.5-1ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: GPG email signature spoofing
    - debian/patches/CVE-2018-15587-1.patch: Add more strict parsing for
      output from gpg in src/camel/camel-gpg-context.c to ensure signatures
      cannot be spoofed
    - debian/patches/CVE-2018-15587-2.patch: Ensure decrypted output is
      not truncated in src/camel/camel-gpg-context.c
    - debian/patches/CVE-2018-15587-3.patch: Fix incomplete upstream patch in
      src/camel/camel-gpg-context.c to ensure the entire message is read

 -- Alex Murray <email address hidden> Tue, 28 May 2019 17:07:19 +0930

Source diff to previous version
CVE-2018-15587 GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a va

Version: 3.18.5-1ubuntu1.1 2018-07-26 13:06:49 UTC

  evolution-data-server (3.18.5-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Unexpected STARTTLS downgrade
    - debian/patches/CVE-2016-10727.patch: When a user has setup the STARTTLS
      encryption method, but the server doesn't support it, then an error should
      be shown to the user, instead of using unsecure connection. In
      camel/providers/imapx/camel-imax-server.c
    - CVE-2016-10727

 -- Mike Salvatore <email address hidden> Wed, 25 Jul 2018 09:13:51 -0400

CVE-2016-10727 camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containin



About   -   Send Feedback to @ubuntu_updates