CVE-2011-3201

Published: 08 March 2013

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

Priority

Low

Status

Package Release Status
evolution
Launchpad, Ubuntu, Debian
Upstream
Released (3.2.3)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)

Notes

AuthorNote
jdstrand
no upstream patch yet (2011-10-13). In discussion in RedHat bug.
requires user to not notice the attachment

References

Bugs