Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-14928

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

Related bugs and status

CVE-2020-14928 (Candidate) is related to these bugs:

Bug #1886644: SRU the current 3.36.4 stable update

Summary				In	Importance	Status
	1886644	SRU the current 3.36.4 stable update		evolution-data-server (Ubuntu)	High	Fix Released
	1886644	SRU the current 3.36.4 stable update		evolution-data-server (Ubuntu Focal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.suse....
CONFIRM: https://gitlab.gnome.o...
CONFIRM: https://gitlab.gnome.o...
CONFIRM: https://lists.debian.o...
CONFIRM: https://security-track...
CONFIRM: https://security-track...
DEBIAN: DSA-4725
MISC: https://gitlab.gnome.o...
UBUNTU: USN-4429-1
FEDORA: FEDORA-2020-45041afb19