Your message dated Fri, 07 Jun 2019 10:02:09 +0000 with message-id <e1hzbhj-00087v...@fasolo.debian.org> and subject line Bug#924616: fixed in evolution 3.22.6-1+deb9u2 has caused the Debian Bug report #924616, regarding CVE-2018-15587: Signature Spoofing in PGP encrypted email to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924616 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: evolution Severity: grave Tags: security https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15587: https://bugzilla.gnome.org/show_bug.cgi?id=796424 https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21 https://gitlab.gnome.org/GNOME/evolution/commit/f66cd3e1db301d264563b4222a3574e2e58e2b85 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: evolution Source-Version: 3.22.6-1+deb9u2 We believe that the bug you reported is fixed in the latest version of evolution, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 924...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jonas Meurer <jo...@freesources.org> (supplier of updated evolution package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 06 Jun 2019 13:03:50 +0200 Source: evolution Binary: evolution libevolution evolution-common evolution-dev evolution-plugins evolution-plugins-experimental Architecture: source all amd64 Version: 3.22.6-1+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian Evolution Maintainers <pkg-evolution-maintain...@lists.alioth.debian.org> Changed-By: Jonas Meurer <jo...@freesources.org> Description: evolution - groupware suite with mail client and organizer evolution-common - architecture independent files for Evolution evolution-dev - development library files for Evolution evolution-plugins - standard plugins for Evolution evolution-plugins-experimental - experimental plugins for Evolution libevolution - evolution libraries Closes: 924616 Changes: evolution (3.22.6-1+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2018-15587: backport patches to mitigate possible signature/encryption spoofing in PGP encrypted mail. (Closes: #924616) + [GPG] Mails that are not encrypted look encrypted + Show security bar above message headers Checksums-Sha1: a28b412bfc6c3491ebdf98568c7feb48e9b1ca4f 3758 evolution_3.22.6-1+deb9u2.dsc 797aa0a263e5f92079e20d3f5e9aa52dc58baccf 12288232 evolution_3.22.6.orig.tar.xz a12d69423ed81144ea16f4d5fdc51ed039bbe6e2 37840 evolution_3.22.6-1+deb9u2.debian.tar.xz a02c4ef493fb9371c5cbc5d2b2543d87504bfb9f 7429538 evolution-common_3.22.6-1+deb9u2_all.deb 0840dd68b26ebdaddf6c15eb16bc1beea6e32dbf 106456 evolution-dbgsym_3.22.6-1+deb9u2_amd64.deb b9e13e82316d842c00464cacd94a1f959699258f 596080 evolution-dev_3.22.6-1+deb9u2_amd64.deb 971ab01dcfd30cf42132a610bcfc5e180d8ddf9c 385742 evolution-plugins-dbgsym_3.22.6-1+deb9u2_amd64.deb 40c1ba6564e2824792345a40e44f87df9dca1e48 18508 evolution-plugins-experimental-dbgsym_3.22.6-1+deb9u2_amd64.deb 31ff36d0ab3edfd06ccf73b9b99acc3a0a8ac9a7 39158 evolution-plugins-experimental_3.22.6-1+deb9u2_amd64.deb a26c269491dd4f7e91f1efe743466ba67559c0ab 122676 evolution-plugins_3.22.6-1+deb9u2_amd64.deb a6622c35a2aaa7f79b21525db3973c640ea6651f 23599 evolution_3.22.6-1+deb9u2_amd64.buildinfo 04af3b0d956ea2ad6d27bfe075a2fc6d9b1b3f2d 284912 evolution_3.22.6-1+deb9u2_amd64.deb ad39811c71f640c5f4f6f535224c2c4c61e6d4bd 12667936 libevolution-dbgsym_3.22.6-1+deb9u2_amd64.deb 966dbdfe4ee125f605e5b9c1f69941cee33cdd15 2347066 libevolution_3.22.6-1+deb9u2_amd64.deb Checksums-Sha256: a17e7ec9067a2d5b534ef00b8616383b9b9e11b9281ea29c3c0798f73a3ac34f 3758 evolution_3.22.6-1+deb9u2.dsc 9f4be4a1d5ee4d5eb9b132cf751ba3afc833025aa6dc7baa1f9483489d8a943e 12288232 evolution_3.22.6.orig.tar.xz 4f1e8bce9cfa828b6314d4f3a3d0c5261ad91465766511e0efc6c612c66fec61 37840 evolution_3.22.6-1+deb9u2.debian.tar.xz 7fb06d6bab4e6d81cd4df9ad447cccc456f0b460d57ffe41f0dbf9df22454fc6 7429538 evolution-common_3.22.6-1+deb9u2_all.deb 2493c7609d564255d04a0e277fe92d4784b910bce8a1bb4aee69ba2845b03beb 106456 evolution-dbgsym_3.22.6-1+deb9u2_amd64.deb e5d7147f2f315a1dd00f72b726bcf70339924b89c156252622e9cbb5eb18ffb1 596080 evolution-dev_3.22.6-1+deb9u2_amd64.deb edcdbc8d26788d70a7661e611d3557168224246767ea6bf0f5672744d521c5c1 385742 evolution-plugins-dbgsym_3.22.6-1+deb9u2_amd64.deb b24bb01a16caad9b84b222a86b09d6a7dc1b91f45662affe359270b0ba81ddf8 18508 evolution-plugins-experimental-dbgsym_3.22.6-1+deb9u2_amd64.deb 814018d997cf054442cf928aad6f68dc5727a528f288ede558d43e32e2f0ec84 39158 evolution-plugins-experimental_3.22.6-1+deb9u2_amd64.deb 7ed339ee82d2825809a83495f998adeb88cd88fbc82ce47f60384b6a3c859d96 122676 evolution-plugins_3.22.6-1+deb9u2_amd64.deb d76a017eaa67eab97bc8c7ea0174798434375310357d0075aa43a3ff4e420e82 23599 evolution_3.22.6-1+deb9u2_amd64.buildinfo c87d6820eb29d580b21131ba7486d2608847c6e9fd5cec08f69777c07747aa48 284912 evolution_3.22.6-1+deb9u2_amd64.deb 09437cdece9422a6b6dec94bd6c3f018eb7acf66af48d88ba78becd2caecca66 12667936 libevolution-dbgsym_3.22.6-1+deb9u2_amd64.deb 152068aec6a5ede7ec2d44563258840dd3e9b25edd1cd83660ad5ac2a25af764 2347066 libevolution_3.22.6-1+deb9u2_amd64.deb Files: 0eb7533b2201a6e321905b8599716f35 3758 gnome optional evolution_3.22.6-1+deb9u2.dsc 0b839838df678bc6e50b41059856fadb 12288232 gnome optional evolution_3.22.6.orig.tar.xz f97c2f7a5b4d02046671f6f197312a8c 37840 gnome optional evolution_3.22.6-1+deb9u2.debian.tar.xz 0ca5323de40177114c38aea696d47e6d 7429538 gnome optional evolution-common_3.22.6-1+deb9u2_all.deb 840c863de11895971ceed338ab84c560 106456 debug extra evolution-dbgsym_3.22.6-1+deb9u2_amd64.deb 7cca63950bb2595d6da7f894a57d5624 596080 devel optional evolution-dev_3.22.6-1+deb9u2_amd64.deb c4ade26e4b2279b3ff485179b1d887c2 385742 debug extra evolution-plugins-dbgsym_3.22.6-1+deb9u2_amd64.deb 88c455494c28242bbcd22acacb44e3a3 18508 debug extra evolution-plugins-experimental-dbgsym_3.22.6-1+deb9u2_amd64.deb f25f23e6983b0d68ff70eeb22ad8b69b 39158 gnome optional evolution-plugins-experimental_3.22.6-1+deb9u2_amd64.deb 63f42a8993fcacee8d3101a14bb71a22 122676 gnome optional evolution-plugins_3.22.6-1+deb9u2_amd64.deb b3918be0a58b569cc6ce02db256999d4 23599 gnome optional evolution_3.22.6-1+deb9u2_amd64.buildinfo 47a96b43daf24197af8a0bf5d764d4c1 284912 gnome optional evolution_3.22.6-1+deb9u2_amd64.deb 81021c0ffb29a3aace65f3a624ef7e1d 12667936 debug extra libevolution-dbgsym_3.22.6-1+deb9u2_amd64.deb 2e858e8c266bc1bf2d0cf997af8fa470 2347066 libs optional libevolution_3.22.6-1+deb9u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlz5VK8ACgkQUmLn/0kQ Sf5c5Q//T19lEGbrGpXQmrn00XMCUZiao+HgT3hY2T82tNPaC+vZZTQg+U2575Fb H874Xd+UfFU9wWfdO9FRxXQDc8jOHh+nT1+W89kKPQcTm9nGRNGxs7oJuBiZozcp 0zPDtsFt10Sza5BKngnXZM3eYTyBItRs6yfi8JiwLJxfn+N38MDnXiPZJjqch7bN fsJt00TWX1cNOMRAvnMISJdK86BGEgjlZejMRxsg50BL+ZTLCXemJA439nNHdej9 zIr8PU0vhJE9kWSzx9n6MKsxtWlljcJRre+Wl9qAZcehfpf3kTNVV7Mqkaqrnk5A A4NilSToZLR1qgya1pKpy/kxaq9xeMZWav5K+isbm6FDEk6ovZB2g+vngCoez1h0 CCDqGJyUa6kTQUFtQNdcYDco7p9aZ//lPFMGp3ebVUd1fgwVFpNgJOh0PFTV2JGH iQu+R9dnlb7qZnpFzOFehySWlQcKXNoxKIv1IYvaIHRmmMPZZvRzReiIyxkhwqU0 LT3f80MG5XKrWkSyIQyn7sOunLybfamH6AMEbZMs/zGnUPcBxW+ibIJW9ose8htt 3eJzJSoqfhgGtu+5/ZYrWYIUV9p0amNCq+RteHJLvmFniNV6hl5o3dR7m/YhMpAn Erm/pjJdcyw5DqsN4NruAY+IVZkEPzAuNAV33Hib6GsS0PvvSIs= =JvEw -----END PGP SIGNATURE-----
--- End Message ---
