-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : evolution-data-server Version : 3.12.9~git20141128.5242b0-2+deb8u4 CVE IDs : CVE-2016-10727
It was discovered that there was a protocol implementation error in evolution-data-server where "STARTTLS not supported" errors from IMAP servers were ignored leading to the use of insecure connections without the user's knowledge or consent. For Debian 8 "Jessie", this issue has been fixed in evolution-data-server version 3.12.9~git20141128.5242b0-2+deb8u4. We recommend that you upgrade your evolution-data-server packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAltYC6MACgkQHpU+J9Qx HliOqA/+NcP9dzBck3aynMmcZK3gvNrIzcr55oHICzd7nOirNLoruPr2ZErdPFHT LfB6rJBG32rqMDGDZafo5k8zggduBSMpw2ZEXjzFMTRpVqpHIYDJAgMR956otVOO 1htoXEYe0vPzx3W7GzejkiezmiG0yZOAsOzZj5OCu1kpl9otn5z5DxOJYQtPsO6x EUNH6ulcyB6OXg0eiUmdl+Ubqm0plNZXWBJ+KDTpr4agj7FPbLIt88TA94e5g8Y0 1JfPd/mJvVDrkZtUs/5jPH+MUIiJtZ7+xEExnbPuIjZOz4EfbDuXwfWFuX93lrVL 6PSuMECgYZrRsjdn8BAHcdCyodTOO5JgZ9ivmP1Q4kZHC+AiBMG66g6kicVsF/D8 EXKYso5Sn/DCdK1U0hIY0rRibl8erJ82W9OCJOx4u4RaOmwyNzs5Lsh/8fBp5yrf 24Jyqy/2YcVnfHuUaASFMpuKjFGC2keMmc52ZTeVnZaTaV4/VlAeoiEzCEAnxgHk AOlESYzUJWLDRBbnplUM2CX8ZvDuZ3LCD5E/m4MaaTHTh/2KsZ+Blsw2q4/xn/hh 19Eq5JeXC0J+tEhBUJhZ7302E+sIpuPguYVaZ0MPWxloNLqf09OjW7lgzQlQHX5I 5pC+Yc7vfoBhrtV/x727b4V/p5aMdP50/rFz61aHBzGHqjebIq0= =kP3R -----END PGP SIGNATURE-----