Your message dated Fri, 07 Jun 2019 10:02:09 +0000
with message-id <e1hzbhj-00087v...@fasolo.debian.org>
and subject line Bug#924616: fixed in evolution 3.22.6-1+deb9u2
has caused the Debian Bug report #924616,
regarding CVE-2018-15587: Signature Spoofing in PGP encrypted email
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
924616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924616
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: evolution
Severity: grave
Tags: security
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15587:
https://bugzilla.gnome.org/show_bug.cgi?id=796424
https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21
https://gitlab.gnome.org/GNOME/evolution/commit/f66cd3e1db301d264563b4222a3574e2e58e2b85
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: evolution
Source-Version: 3.22.6-1+deb9u2
We believe that the bug you reported is fixed in the latest version of
evolution, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 924...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonas Meurer <jo...@freesources.org> (supplier of updated evolution package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 06 Jun 2019 13:03:50 +0200
Source: evolution
Binary: evolution libevolution evolution-common evolution-dev evolution-plugins
evolution-plugins-experimental
Architecture: source all amd64
Version: 3.22.6-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Evolution Maintainers
<pkg-evolution-maintain...@lists.alioth.debian.org>
Changed-By: Jonas Meurer <jo...@freesources.org>
Description:
evolution - groupware suite with mail client and organizer
evolution-common - architecture independent files for Evolution
evolution-dev - development library files for Evolution
evolution-plugins - standard plugins for Evolution
evolution-plugins-experimental - experimental plugins for Evolution
libevolution - evolution libraries
Closes: 924616
Changes:
evolution (3.22.6-1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-15587: backport patches to mitigate possible signature/encryption
spoofing in PGP encrypted mail. (Closes: #924616)
+ [GPG] Mails that are not encrypted look encrypted
+ Show security bar above message headers
Checksums-Sha1:
a28b412bfc6c3491ebdf98568c7feb48e9b1ca4f 3758 evolution_3.22.6-1+deb9u2.dsc
797aa0a263e5f92079e20d3f5e9aa52dc58baccf 12288232 evolution_3.22.6.orig.tar.xz
a12d69423ed81144ea16f4d5fdc51ed039bbe6e2 37840
evolution_3.22.6-1+deb9u2.debian.tar.xz
a02c4ef493fb9371c5cbc5d2b2543d87504bfb9f 7429538
evolution-common_3.22.6-1+deb9u2_all.deb
0840dd68b26ebdaddf6c15eb16bc1beea6e32dbf 106456
evolution-dbgsym_3.22.6-1+deb9u2_amd64.deb
b9e13e82316d842c00464cacd94a1f959699258f 596080
evolution-dev_3.22.6-1+deb9u2_amd64.deb
971ab01dcfd30cf42132a610bcfc5e180d8ddf9c 385742
evolution-plugins-dbgsym_3.22.6-1+deb9u2_amd64.deb
40c1ba6564e2824792345a40e44f87df9dca1e48 18508
evolution-plugins-experimental-dbgsym_3.22.6-1+deb9u2_amd64.deb
31ff36d0ab3edfd06ccf73b9b99acc3a0a8ac9a7 39158
evolution-plugins-experimental_3.22.6-1+deb9u2_amd64.deb
a26c269491dd4f7e91f1efe743466ba67559c0ab 122676
evolution-plugins_3.22.6-1+deb9u2_amd64.deb
a6622c35a2aaa7f79b21525db3973c640ea6651f 23599
evolution_3.22.6-1+deb9u2_amd64.buildinfo
04af3b0d956ea2ad6d27bfe075a2fc6d9b1b3f2d 284912
evolution_3.22.6-1+deb9u2_amd64.deb
ad39811c71f640c5f4f6f535224c2c4c61e6d4bd 12667936
libevolution-dbgsym_3.22.6-1+deb9u2_amd64.deb
966dbdfe4ee125f605e5b9c1f69941cee33cdd15 2347066
libevolution_3.22.6-1+deb9u2_amd64.deb
Checksums-Sha256:
a17e7ec9067a2d5b534ef00b8616383b9b9e11b9281ea29c3c0798f73a3ac34f 3758
evolution_3.22.6-1+deb9u2.dsc
9f4be4a1d5ee4d5eb9b132cf751ba3afc833025aa6dc7baa1f9483489d8a943e 12288232
evolution_3.22.6.orig.tar.xz
4f1e8bce9cfa828b6314d4f3a3d0c5261ad91465766511e0efc6c612c66fec61 37840
evolution_3.22.6-1+deb9u2.debian.tar.xz
7fb06d6bab4e6d81cd4df9ad447cccc456f0b460d57ffe41f0dbf9df22454fc6 7429538
evolution-common_3.22.6-1+deb9u2_all.deb
2493c7609d564255d04a0e277fe92d4784b910bce8a1bb4aee69ba2845b03beb 106456
evolution-dbgsym_3.22.6-1+deb9u2_amd64.deb
e5d7147f2f315a1dd00f72b726bcf70339924b89c156252622e9cbb5eb18ffb1 596080
evolution-dev_3.22.6-1+deb9u2_amd64.deb
edcdbc8d26788d70a7661e611d3557168224246767ea6bf0f5672744d521c5c1 385742
evolution-plugins-dbgsym_3.22.6-1+deb9u2_amd64.deb
b24bb01a16caad9b84b222a86b09d6a7dc1b91f45662affe359270b0ba81ddf8 18508
evolution-plugins-experimental-dbgsym_3.22.6-1+deb9u2_amd64.deb
814018d997cf054442cf928aad6f68dc5727a528f288ede558d43e32e2f0ec84 39158
evolution-plugins-experimental_3.22.6-1+deb9u2_amd64.deb
7ed339ee82d2825809a83495f998adeb88cd88fbc82ce47f60384b6a3c859d96 122676
evolution-plugins_3.22.6-1+deb9u2_amd64.deb
d76a017eaa67eab97bc8c7ea0174798434375310357d0075aa43a3ff4e420e82 23599
evolution_3.22.6-1+deb9u2_amd64.buildinfo
c87d6820eb29d580b21131ba7486d2608847c6e9fd5cec08f69777c07747aa48 284912
evolution_3.22.6-1+deb9u2_amd64.deb
09437cdece9422a6b6dec94bd6c3f018eb7acf66af48d88ba78becd2caecca66 12667936
libevolution-dbgsym_3.22.6-1+deb9u2_amd64.deb
152068aec6a5ede7ec2d44563258840dd3e9b25edd1cd83660ad5ac2a25af764 2347066
libevolution_3.22.6-1+deb9u2_amd64.deb
Files:
0eb7533b2201a6e321905b8599716f35 3758 gnome optional
evolution_3.22.6-1+deb9u2.dsc
0b839838df678bc6e50b41059856fadb 12288232 gnome optional
evolution_3.22.6.orig.tar.xz
f97c2f7a5b4d02046671f6f197312a8c 37840 gnome optional
evolution_3.22.6-1+deb9u2.debian.tar.xz
0ca5323de40177114c38aea696d47e6d 7429538 gnome optional
evolution-common_3.22.6-1+deb9u2_all.deb
840c863de11895971ceed338ab84c560 106456 debug extra
evolution-dbgsym_3.22.6-1+deb9u2_amd64.deb
7cca63950bb2595d6da7f894a57d5624 596080 devel optional
evolution-dev_3.22.6-1+deb9u2_amd64.deb
c4ade26e4b2279b3ff485179b1d887c2 385742 debug extra
evolution-plugins-dbgsym_3.22.6-1+deb9u2_amd64.deb
88c455494c28242bbcd22acacb44e3a3 18508 debug extra
evolution-plugins-experimental-dbgsym_3.22.6-1+deb9u2_amd64.deb
f25f23e6983b0d68ff70eeb22ad8b69b 39158 gnome optional
evolution-plugins-experimental_3.22.6-1+deb9u2_amd64.deb
63f42a8993fcacee8d3101a14bb71a22 122676 gnome optional
evolution-plugins_3.22.6-1+deb9u2_amd64.deb
b3918be0a58b569cc6ce02db256999d4 23599 gnome optional
evolution_3.22.6-1+deb9u2_amd64.buildinfo
47a96b43daf24197af8a0bf5d764d4c1 284912 gnome optional
evolution_3.22.6-1+deb9u2_amd64.deb
81021c0ffb29a3aace65f3a624ef7e1d 12667936 debug extra
libevolution-dbgsym_3.22.6-1+deb9u2_amd64.deb
2e858e8c266bc1bf2d0cf997af8fa470 2347066 libs optional
libevolution_3.22.6-1+deb9u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlz5VK8ACgkQUmLn/0kQ
Sf5c5Q//T19lEGbrGpXQmrn00XMCUZiao+HgT3hY2T82tNPaC+vZZTQg+U2575Fb
H874Xd+UfFU9wWfdO9FRxXQDc8jOHh+nT1+W89kKPQcTm9nGRNGxs7oJuBiZozcp
0zPDtsFt10Sza5BKngnXZM3eYTyBItRs6yfi8JiwLJxfn+N38MDnXiPZJjqch7bN
fsJt00TWX1cNOMRAvnMISJdK86BGEgjlZejMRxsg50BL+ZTLCXemJA439nNHdej9
zIr8PU0vhJE9kWSzx9n6MKsxtWlljcJRre+Wl9qAZcehfpf3kTNVV7Mqkaqrnk5A
A4NilSToZLR1qgya1pKpy/kxaq9xeMZWav5K+isbm6FDEk6ovZB2g+vngCoez1h0
CCDqGJyUa6kTQUFtQNdcYDco7p9aZ//lPFMGp3ebVUd1fgwVFpNgJOh0PFTV2JGH
iQu+R9dnlb7qZnpFzOFehySWlQcKXNoxKIv1IYvaIHRmmMPZZvRzReiIyxkhwqU0
LT3f80MG5XKrWkSyIQyn7sOunLybfamH6AMEbZMs/zGnUPcBxW+ibIJW9ose8htt
3eJzJSoqfhgGtu+5/ZYrWYIUV9p0amNCq+RteHJLvmFniNV6hl5o3dR7m/YhMpAn
Erm/pjJdcyw5DqsN4NruAY+IVZkEPzAuNAV33Hib6GsS0PvvSIs=
=JvEw
-----END PGP SIGNATURE-----
--- End Message ---