Univention Bugzilla – Bug 47542
evolution-data-server: Multiple issues (4.2)
Last modified: 2018-08-15 16:20:30 CEST
New Debian evolution-data-server 3.12.9~git20141128.5242b0-2+deb8u4 fixes: This update addresses the following issue(s): * * camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly. (CVE-2016-10727) CVE_2018-12422 is open 3.12.9~git20141128.5242b0-2+deb8u4 (Wed, 25 Jul 2018 12:06:29 +0800) * CVE-2016-10727: Prevent an issue where "STARTTLS not supported" errors from IMAP servers were ignored leading to the use of insecure connections without the user's knowledge or consent. * CVE-2016-10727 evolution-data-server: IMAPx Component Information Disclosure (CVE-2016-10727)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/evolution-data-server_3.12.9~git20141128.5242b0-2+deb8u3.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/evolution-data-server_3.12.9~git20141128.5242b0-2+deb8u4.dsc @@ -1,3 +1,9 @@ +3.12.9~git20141128.5242b0-2+deb8u4 [Wed, 25 Jul 2018 12:06:29 +0800] Chris Lamb <lamby@debian.org>: + + * CVE-2016-10727: Prevent an issue where "STARTTLS not supported" errors from + IMAP servers were ignored leading to the use of insecure connections + without the user's knowledge or consent. + 3.12.9~git20141128.5242b0-2+deb8u3 [Wed, 21 Dec 2016 18:31:01 +0100] Wouter Verhelst <wouter@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.2-4/#4394725897985531557>
OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] e5bbba52f3 Bug #47542: evolution-data-server 3.12.9~git20141128.5242b0-2+deb8u4 doc/errata/staging/evolution-data-server.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) [4.2-4] c94bef1b87 Bug #47542: evolution-data-server 3.12.9~git20141128.5242b0-2+deb8u4 doc/errata/staging/evolution-data-server.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
<http://errata.software-univention.de/ucs/4.2/446.html>