evolution-data-server (3.18.5-1ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: GPG email signature spoofing
- debian/patches/CVE-2018-15587-1.patch: Add more strict parsing for
output from gpg in src/camel/camel-gpg-context.c to ensure signatures
cannot be spoofed
- debian/patches/CVE-2018-15587-2.patch: Ensure decrypted output is
not truncated in src/camel/camel-gpg-context.c
- debian/patches/CVE-2018-15587-3.patch: Fix incomplete upstream patch in
src/camel/camel-gpg-context.c to ensure the entire message is read
Date: 2019-05-28 12:16:14.365200+00:00
Changed-By: Alex Murray <alex.mur...@canonical.com>
https://launchpad.net/ubuntu/+source/evolution-data-server/3.18.5-1ubuntu1.2
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
