Generate a security patch for Evolution CVE-2018-15587
|Reported by:||Douglas R. Reno||Owned by:||Douglas R. Reno|
I was just emailed privately by an Arch Linux developer regarding CVE-2018-15587 in Evolution, and two vulnerabilities in GDM (I'll file a separate ticket for that).
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
You can find a patch here: [https://gitlab.gnome.org/GNOME/evolution/issues/120 [https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21] There is a possibility that you might not be able to backport it to 3.30 though, but I figured I would give you a heads up.