
Debian Evolution vulnerabilities

28 known vulnerabilities affecting debian/evolution.

Total CVEs: 28
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 12, LOW 12

Vulnerabilities

Page 1 of 2
CVE-2021-3349 | LOW | CVSS 3.3 | 2021
[LOW] evolution - GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior. Scope: local. bookworm: open; bullseye: op
debian
CVE-2020-11879 | MEDIUM | CVSS 6.5 | fixed in evolution 3.36.0-1 (bookworm) | 2020
[MEDIUM] evolution - An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. Scope: local. bookworm: resolved (
debian
CVE-2018-15587 | MEDIUM | CVSS 6.5 | fixed in evolution 3.30.5-1.1 (bookworm) | 2018
[MEDIUM] evolution - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. Scope: local. bookworm: resolved (fixed in 3.30.5-1.1); bullseye: resolved (fixed in 3.30.5-1.1); forky: resolved (fixed in 3.30.5-1.1); sid: resolved (
debian
CVE-2017-17689 | LOW | CVSS 5.9 | fixed in kf5-messagelib 4:18.08.1-1 (bookworm) | 2017
[MEDIUM] evolution - The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2013-4166 | LOW | CVSS 7.5 | 2013
[HIGH] evolution - The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. Scope: local. bookworm: open; bullse
debian
CVE-2011-3201 | LOW | CVSS 4.3 | 2011
[MEDIUM] evolution - GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email. Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2009-1631 | LOW | CVSS 2.1 | fixed in evolution 2.29.90-1 (bookworm) | 2009
[LOW] evolution - The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. Scope: local. bookworm: resolved (fixed in 2.29.90-1); bullseye: resolved (fixed in 2.29.90-1); forky
debian
CVE-2008-0072 | MEDIUM | CVSS 6.8 | fixed in evolution 2.12.3-1.1 (bookworm) | 2008
[MEDIUM] evolution - Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. Scope: local. bookworm: resolved (fixed in 2.12.3-1.1); bullseye: resolved (fixed in 2.12.3-1.1); forky: resolved (fixed in 2
debian
CVE-2008-1109 | LOW | CVSS 9.3 | fixed in evolution 2.22.2-1.1 (bookworm) | 2008
[CRITICAL] evolution - Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window). Scope: local. bookworm: resolved (fixed in 2.22.2-1.1); bullseye: resolved (fixed in 2.22.2-1.1); fork
debian
CVE-2008-1108 | LOW | CVSS 7.6 | fixed in evolution 2.22.2-1.1 (bookworm) | 2008
[HIGH] evolution - Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. Scope: local. bookworm: resolved (fixed in 2.22.2-1.1); bullseye: resolved (fixed in 2.22.2-1.1); forky: resolved (fixed in 2.22.2-1.1); sid: resolved (fixed in 2.22.2-1.1); trixie: resol
debian
CVE-2007-1002 | MEDIUM | CVSS 6.8 | fixed in evolution 2.10.2-1 (bookworm) | 2007
[MEDIUM] evolution - Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. Scope: local. bookworm: resolved (fixed in 2.10.2-1); bullseye: resolve
debian
CVE-2007-3257 | MEDIUM | CVSS 6.8 | fixed in evolution 2.12.0-1 (bookworm) | 2007
[MEDIUM] evolution - Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. Scope: local. bookworm: resolved (fixed in 2.12.0-1); bullseye: resolved (fixed in 2.12.0-1); forky: resolved (fixed in 2.12.0-1); sid: resolved (fixed in 2.12.0
debian
CVE-2007-1266 | LOW | CVSS 5.0 | PoC | 2007
[MEDIUM] evolution - Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Scope: local. bookworm: open; bullseye: open; forky:
debian
CVE-2006-0528 | LOW | CVSS 5.0 | PoC | fixed in evolution 2.2.3-4 (bookworm) | 2006
[MEDIUM] evolution - The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually r
debian
CVE-2006-0040 | LOW | CVSS 5.0 | fixed in evolution 2.10.1 (bookworm) | 2006
[MEDIUM] evolution - GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. Scope: local. bookworm: resolved (fixed in 2.10.1); bullseye: resolved (fixed in 2.10.1); forky: resolved (fixed in 2.10.1); sid: resolved (fixed in 2.10.1); tri
debian
CVE-2006-2789 | LOW | CVSS 2.6 | fixed in evolution 2.4.0-1 (bookworm) | 2006
[LOW] evolution - Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. Scope: local. bookworm: resolved (fixed in 2.4.0-1); bullseye: resolved (fixed i
debian
CVE-2005-0102 | CRITICAL | CVSS 9.8 | fixed in evolution 2.0.3-1.2 (bookworm) | 2005
[CRITICAL] evolution - Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. Scope: local. bookworm: resolved (fixed in 2.0.3-1.2); bullseye: resolved (fixed in 2.0.3-1.2); forky: resolved (fixed in 2.0.
debian
CVE-2005-2549 | HIGH | CVSS 7.5 | fixed in evolution 2.2.3-3 (bookworm) | 2005
[HIGH] evolution - Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. Scope: local. bookworm: resolved (fixed in 2.2.3-3); bullseye: resolved (fixed in 2.2.3-3)
debian
CVE-2005-2550 | HIGH | CVSS 7.5 | fixed in evolution 2.2.3-3 (bookworm) | 2005
[HIGH] evolution - Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. Scope: local. bookworm: resolved (fixed in 2.2.3-3); bullseye: resolved (fixed in 2.2.3-3); fork
debian
CVE-2005-0806 | MEDIUM | CVSS 5.0 | fixed in evolution 2.0.4-2 (bookworm) | 2005
[MEDIUM] evolution - Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames. Scope: local. bookworm: resolved (fixed in 2.0.4-2); bullseye: resolved (fixed in 2.0.4-2); forky: resolved (fixed in 2.0.4-2); sid: resolved (fixed in 2.0.4-2); trixie: resolved (fixed in 2.0.4-2)
debian