CVE-2018-15587

Published: Feb 11, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.gnome.org/show_bug.cgi?id=796424

x_refsource_MISC

[debian-lts-announce] 20190426 [SECURITY] [DLA 1766-1] evolution security update

mailing-list

x_refsource_MLIST

[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)

mailing-list

x_refsource_MLIST

20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html

x_refsource_MISC

https://github.com/RUB-NDS/Johnny-You-Are-Fired

x_refsource_MISC

https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf

x_refsource_MISC

openSUSE-SU-2019:1431

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1453

vendor-advisory

x_refsource_SUSE

USN-3998-1

vendor-advisory

x_refsource_UBUNTU

DSA-4457

vendor-advisory

x_refsource_DEBIAN

openSUSE-SU-2019:1528

vendor-advisory

x_refsource_SUSE

20190609 [SECURITY] [DSA 4457-1] evolution security update

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-15587

Description

Affected Products

References