Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 699858 (CVE-2019-3890) - <gnome-extra/evolution-ews-3.32.2: all certificate errors ignored if configured to ignore an initial error (CVE-2019-3890)
Summary: <gnome-extra/evolution-ews-3.32.2: all certificate errors ignored if configur...
Status: IN_PROGRESS
Alias: CVE-2019-3890
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [stable?]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-11 17:57 UTC by GLSAMaker/CVETool Bot
Modified: 2019-11-17 22:21 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-11-11 17:57:51 UTC
CVE-2019-3890 (https://nvd.nist.gov/vuln/detail/CVE-2019-3890):
  It was discovered evolution-ews before 3.31.3 does not check the validity of
  SSL certificates. An attacker could abuse this flaw to get confidential
  information by tricking the user into connecting to a fake server without
  the user noticing the difference.
Comment 1 Mart Raudsepp gentoo-dev 2019-11-17 22:21:10 UTC
This is probably a duplicate of bug 678070.