[Git][security-tracker-team/security-tracker][master] mark efail as unimportant for evolution

Mon, 20 Aug 2018 05:51:43 -0700 

Yves-Alexis Perez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4b6ee29a by Yves-Alexis Perez at 2018-08-20T12:51:06Z
mark efail as unimportant for evolution

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -35836,7 +35836,7 @@ CVE-2017-17689 (The S/MIME specification allows a 
Cipher Block Chaining (CBC) ..
        - thunderbird <unfixed> (bug #898631)
        [stretch] - thunderbird <postponed> (Wait until fixed in upstream 
release)
        [jessie] - thunderbird <postponed> (Wait until fixed in upstream 
release)
-       - evolution <unfixed> (bug #898633)
+       - evolution <unfixed> (bug #898633; unimportant)
        - kmail <unfixed> (bug #898634)
        - kf5-messagelib <unfixed> (bug #899127)
        [stretch] - kf5-messagelib <no-dsa> (Defaults to secure handling, 
change to disable it entirely can be fixed via spu)
@@ -35845,6 +35845,7 @@ CVE-2017-17689 (The S/MIME specification allows a 
Cipher Block Chaining (CBC) ..
        NOTE: https://efail.de
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796135
        NOTE: https://dot.kde.org/2018/05/15/efail-and-kmail
+       NOTE: protocol vulnerability can't be fixed in implementations but they 
can't prevent exploitation by disabling loading of remote content
 CVE-2017-17688 (** DISPUTED ** The OpenPGP specification allows a Cipher 
Feedback Mode ...)
        - enigmail <unfixed> (bug #898630)
        NOTE: vulnerability is in the clients handling, not in OpenPGP



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b6ee29a5e8f1cd055f750514271d21c527c9624

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b6ee29a5e8f1cd055f750514271d21c527c9624
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to