Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Evolution | Evolution | 2.22.3.1 (including) | 2.22.3.1 (including) |
Red Hat Enterprise Linux 4 | RedHat | evolution28-evolution-data-server-0:1.8.0-37.el4_7.2 | * |
Red Hat Enterprise Linux 4 | RedHat | evolution-0:2.0.2-41.el4_7.2 | * |
Red Hat Enterprise Linux 4 | RedHat | evolution-data-server-0:1.0.2-14.el4_7.1 | * |
Red Hat Enterprise Linux 5 | RedHat | evolution-data-server-0:1.12.3-10.el5_3.3 | * |
Evolution-data-server | Ubuntu | dapper | * |
Evolution-data-server | Ubuntu | gutsy | * |
Evolution-data-server | Ubuntu | hardy | * |
Evolution-data-server | Ubuntu | intrepid | * |
Evolution-data-server | Ubuntu | upstream | * |