Mageia Bugzilla – Bug 10896
evolution-data-server new security issue CVE-2013-4166
Last modified: 2013-08-11 14:29:31 CEST
Ubuntu has issued an advisory on July 31:
Ubuntu has links to upstream patches for 3.8.x and 3.9.x and a patch for 3.6.x.
Mageia 2 and Mageia 3 are also affected.
This is fixed upstream in 3.9.5, which we have in Cauldron.
Patched packages uploaded for Mageia 2 and Mageia 3.
Updated evolution-data-server packages fix security vulnerability:
Yves-Alexis Perez discovered that Evolution Data Server did not properly
select GPG recipients. Under certain circumstances, this could result in
Evolution encrypting email to an unintended recipient (CVE-2013-4166).
Updated packages in core/updates_testing:
Created attachment 4260
Screenshot showing that it's failing to find the public key.
Unless I've made a typo that I'm just not seeing, this is not
working in my test on a Mageia 2 i586 vb guest (i2v).
Ignore comment 2. Finally noticed the typo. Missing e in homeip.
As there is no indication what certain circumstances cause the wrong key to
be selected, just testing that it's working with gpg signed encrypted msgs.
Testing complete on Mageia 2 i586 and x86_64.
Testing complete on Mageia 3 i586 and x86_64.
Could someone from the sysadmin team push 10896.adv to updates?