CVE-2018-15587

Name
CVE-2018-15587
Description
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://bugzilla.gnome.org/show_bug.cgi?id=796424
Mailing List https://lists.debian.org/debian-lts-announce/2019/04/msg00027.html
Mailing List http://www.openwall.com/lists/oss-security/2019/04/30/4
Mailing List http://seclists.org/fulldisclosure/2019/Apr/38
Third Party Advisory http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
MISC https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
MISC https://github.com/RUB-NDS/Johnny-You-Are-Fired
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00047.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00061.html
UBUNTU https://usn.ubuntu.com/3998-1/
DEBIAN https://www.debian.org/security/2019/dsa-4457
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00024.html
BUGTRAQ https://seclists.org/bugtraq/2019/Jun/7

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:* evolution >= None <= 3.28.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status