Published: 08 March 2013
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
no upstream patch yet (2011-10-13). In discussion in RedHat bug. requires user to not notice the attachment