Summary: | <gnome-extra/evolution-data-server-3.36.4: Response injection via STARTTLS (SMTP, POP3) (CVE-2020-14928) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gnome |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
gnome-extra/evolution-data-server-3.36.4
mail-client/evolution-3.36.4
gnome-extra/evolution-ews-3.36.4
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 807352 |
Description
Sam James
2020-07-04 18:21:19 UTC
Fixed in 3.36.4, 3.37.3 https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/e3ce982c52aac2b094c6bc7fca7b746213714222 https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/ebb4a3d7576118b282b1e951a696bd7062b73749 Thanks to leio for pinging about this. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80ea3296f50742cd45e11c9e873fb9998f6be688 commit 80ea3296f50742cd45e11c9e873fb9998f6be688 Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2020-07-04 17:52:39 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2020-07-04 21:18:17 +0000 gnome-extra/evolution-data-server: bump to 3.36.4, fixes CVE-2020-14928 Bug: https://bugs.gentoo.org/730748 Package-Manager: Portage-2.3.84, Repoman-2.3.20 Signed-off-by: Mart Raudsepp <leio@gentoo.org> gnome-extra/evolution-data-server/Manifest | 1 + .../evolution-data-server-3.36.4.ebuild | 148 +++++++++++++++++++++ 2 files changed, 149 insertions(+) x86 stable amd64: ping amd64 stable. Maintainer(s), please cleanup. Security, please vote. |