~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2009-0547
PublicDate: 2009-02-12
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0547
Description:
 Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail
 text within a signed-data blob, not the copy of the e-mail text displayed
 to the user, which allows remote attackers to spoof a signature by
 modifying the latter copy, a different vulnerability than CVE-2008-5077.
Ubuntu-Description:
Notes:
 mdeslaur> Patch for CVE-2009-0547 introduces a regression. See links for
 mdeslaur> fix.
Bugs:
 http://bugzilla.gnome.org/show_bug.cgi?id=564465
 http://bugs.gentoo.org/show_bug.cgi?id=258867
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0547
 https://bugzilla.redhat.com/show_bug.cgi?id=492852
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533386
Priority: low
Discovered-by:
Assigned-to:

Patches_evolution-data-server:
 upstream: http://svn.gnome.org/viewvc/evolution-data-server?view=revision&revision=10106
 upstream: http://svn.gnome.org/viewvc/evolution-data-server?view=revision&revision=10194 (fix for regression)
upstream_evolution-data-server: released (2.26.0)
dapper_evolution-data-server: ignored (reached end-of-life)
gutsy_evolution-data-server: needed (reached end-of-life)
hardy_evolution-data-server: ignored (reached end-of-life)
intrepid_evolution-data-server: needed (reached end-of-life)
jaunty_evolution-data-server: not-affected (2.26.1-0ubuntu2)
karmic_evolution-data-server: not-affected
lucid_evolution-data-server: not-affected
maverick_evolution-data-server: not-affected
natty_evolution-data-server: not-affected
devel_evolution-data-server: not-affected