Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ee57d9cd by Salvatore Bonaccorso at 2021-03-01T09:03:10+01:00 Track status for CVE-2021-3349 This is disputed on GNOME Evolution side, and defered completely by upsream to GnuPG. Though the reporter claims that GnuPG aleady provides what would be needed to fix (additionally) in evolution. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2897,7 +2897,13 @@ CVE-2021-3351 CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...) NOT-FOR-US: Delete Account plugin for MyBB CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ...) - TODO: check + - evolution <unfixed> (unimportant) + NOTE: GNOME Evlolution upstreams claims that the issue should be fixed completely + NOTE: on the GnuPG side, whilst the reporter claims theat GnuPG provides what is + NOTE: needed to adress it on evolution's side. + NOTE: https://dev.gnupg.org/T4735 + NOTE: https://gitlab.gnome.org/GNOME/evolution/-/issues/299 + NOTE: https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html CVE-2021-26538 RESERVED CVE-2021-26537 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee57d9cd1bb843361df2a79c914f166a57963a47 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee57d9cd1bb843361df2a79c914f166a57963a47 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits