| 2012-08-16 16:41:05 |
Jamie Strandboge |
bug |
|
|
added bug |
| 2012-08-16 16:42:36 |
Jamie Strandboge |
description |
Evolution now uses webkit for html mail in 12.10. On launch, it tries to access the google-talkplugin. When looking at a certain messages in preview mode (a google calendar invite), it tries to launch /usr/lib/x86_64-linux-gnu/gstreamer0.10/gstreamer-0.10/gst-plugin-scanner. Interestingly, this is happening even though I have 'Only ever show plain text' configured in Preferences/Mail Preferences/HTML Messages (I do have 'Show suppressed HTML parts as attachments' selected).
This suggests that evolution:
- would gladly use plugins
- that javascript is possibly enabled (for the plugin finder)
- that the WebKit HTML renderer is being invoked even though 'Only ever show plain text' is selected
Webkit is an immensely powerful renderer and it is being used to render completely untrusted input from anyone who can send an email. We need to make sure that plugins and javascript are disabled and that the renderer is not being used at all when 'Only ever show plain text' is enabled (it could be used to deliver text/plain, but it seems that it is processing the HTML then discarding it). This would bring it in line with Thunderbird's policies.
I noticed this because I use AppArmor to confine evolution. Unfortunately in my situation, evolution hung on the message that invoked the plugin finder because the plugin finder failed to launch. I have rules now that will prevent the hang, but evolution is handling this gracefully either.
This should be considered an important security regression. |
Evolution now uses webkit for html mail in 12.10. On launch, it tries to access the google-talkplugin. When looking at a certain messages in preview mode (a google calendar invite), it tries to launch /usr/lib/x86_64-linux-gnu/gstreamer0.10/gstreamer-0.10/gst-plugin-scanner. Interestingly, this is happening even though I have 'Only ever show plain text' configured in Preferences/Mail Preferences/HTML Messages (I do have 'Show suppressed HTML parts as attachments' selected).
This suggests that evolution:
- would gladly use plugins
- that javascript is possibly enabled (for the plugin finder)
- that the WebKit HTML renderer is being invoked even though 'Only ever show plain text' is selected
Webkit is an immensely powerful renderer and it is being used to render completely untrusted input from anyone who can send an email. We need to make sure that plugins and javascript are disabled and that the renderer is not being used at all when 'Only ever show plain text' is enabled (it could be used to deliver text/plain, but it seems that it is processing the HTML then discarding it). This would bring it in line with Thunderbird's policies.
I noticed this because I use AppArmor to confine evolution. Unfortunately in my situation, evolution hung on the message that invoked the plugin finder because the plugin finder failed to launch. I have rules now that will prevent the hang, but evolution isn't handling this error condition gracefully either.
This should be considered an important security regression. |
|
| 2012-08-17 20:38:11 |
Jamie Strandboge |
evolution (Ubuntu): status |
New |
Confirmed |
|
| 2012-08-29 05:31:48 |
todaioan |
bug task added |
|
evolution (Debian) |
|
| 2012-09-13 06:15:03 |
Didier Roche-Tolomelli |
nominated for series |
|
Ubuntu Quantal |
|
| 2012-09-13 06:15:03 |
Didier Roche-Tolomelli |
bug task added |
|
evolution (Ubuntu Quantal) |
|
| 2012-09-13 06:15:27 |
Didier Roche-Tolomelli |
evolution (Ubuntu Quantal): assignee |
|
Mathieu Trudel-Lapierre (mathieu-tl) |
|
| 2012-09-13 06:15:32 |
Didier Roche-Tolomelli |
evolution (Ubuntu Quantal): milestone |
|
ubuntu-12.10-beta-2 |
|
| 2012-09-13 06:16:13 |
Didier Roche-Tolomelli |
tags |
regression-release rls-q-incoming |
regression-release |
|
| 2012-09-17 15:31:20 |
Mathieu Trudel-Lapierre |
evolution (Ubuntu Quantal): status |
Confirmed |
In Progress |
|
| 2012-09-17 20:16:56 |
Mathieu Trudel-Lapierre |
bug watch added |
|
https://bugzilla.gnome.org/show_bug.cgi?id=684245 |
|
| 2012-09-17 20:17:22 |
Mathieu Trudel-Lapierre |
bug task added |
|
evolution |
|
| 2012-09-17 20:17:32 |
Mathieu Trudel-Lapierre |
evolution (Ubuntu Quantal): status |
In Progress |
Triaged |
|
| 2012-09-17 21:18:31 |
Bug Watch Updater |
evolution: status |
Unknown |
New |
|
| 2012-09-17 21:18:31 |
Bug Watch Updater |
evolution: importance |
Unknown |
Medium |
|
| 2012-09-22 01:55:27 |
Mathieu Trudel-Lapierre |
evolution (Ubuntu Quantal): status |
Triaged |
In Progress |
|
| 2012-09-28 19:30:18 |
Launchpad Janitor |
evolution (Ubuntu Quantal): status |
In Progress |
Fix Released |
|
| 2012-10-01 11:47:25 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-desktop/evolution/ubuntu |
|
| 2013-03-21 18:36:59 |
Bug Watch Updater |
evolution: status |
New |
Confirmed |
|
| 2013-03-21 21:21:02 |
Launchpad Janitor |
branch linked |
|
lp:~mathieu-tl/ubuntu/raring/evolution/3.6.4 |
|
| 2013-03-29 21:37:22 |
Bug Watch Updater |
evolution: status |
Confirmed |
Fix Released |
|
