Your submission was sent successfully! Close

CVE-2018-15587

Published: 11 February 2019

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

Notes

AuthorNote
mdeslaur
looks like there are two issues here:
#1- evolution shows security bar at bottom of message
#2- mail that is not encrypted looks encrypted
Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
evolution
Launchpad, Ubuntu, Debian
bionic Needed

cosmic Ignored
(reached end-of-life)
disco
Released (3.31.90-1)
eoan
Released (3.31.90-1)
focal
Released (3.31.90-1)
groovy
Released (3.31.90-1)
hirsute
Released (3.31.90-1)
impish
Released (3.31.90-1)
jammy
Released (3.31.90-1)
kinetic
Released (3.31.90-1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream Needs triage

xenial Ignored
(end of standard support, was needed)
Patches:
upstream: https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21 (1)
upstream: https://gitlab.gnome.org/GNOME/evolution/commit/f66cd3e1db301d264563b4222a3574e2e58e2b85 (2)



evolution-data-server
Launchpad, Ubuntu, Debian
bionic
Released (3.28.5-0ubuntu0.18.04.2)
cosmic
Released (3.30.5-0ubuntu0.18.10.1)
disco
Released (3.31.90-1)
eoan
Released (3.31.90-1)
focal
Released (3.31.90-1)
groovy
Released (3.31.90-1)
hirsute
Released (3.31.90-1)
impish
Released (3.31.90-1)
jammy
Released (3.31.90-1)
kinetic
Released (3.31.90-1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream Needs triage

xenial
Released (3.18.5-1ubuntu1.2)
Patches:


upstream: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/93306a296c64b48d12c356804f131048643eaa0a (2)
upstream: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/accb0e2415681565e4dac00cf1c4303c313ad29e (2)
upstream: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/5cd59aee67450e8750eb3cb2d357d0947f199f61 (2)