Your submission was sent successfully! Close

CVE-2018-15587

Published: 11 February 2019

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
evolution
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri)
Released (3.31.90-1)
Ubuntu 21.04 (Hirsute Hippo)
Released (3.31.90-1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (3.31.90-1)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Upstream: https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21 (1)
Upstream: https://gitlab.gnome.org/GNOME/evolution/commit/f66cd3e1db301d264563b4222a3574e2e58e2b85 (2)
evolution-data-server
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri)
Released (3.31.90-1)
Ubuntu 21.04 (Hirsute Hippo)
Released (3.31.90-1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (3.31.90-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (3.28.5-0ubuntu0.18.04.2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (3.18.5-1ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Upstream: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/93306a296c64b48d12c356804f131048643eaa0a (2)
Upstream: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/accb0e2415681565e4dac00cf1c4303c313ad29e (2)
Upstream: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/5cd59aee67450e8750eb3cb2d357d0947f199f61 (2)