oss-sec mailing list archives
Re: CVE Request (evolution)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 21 May 2009 20:27:26 -0400 (EDT)
====================================================== Name: CVE-2009-1631 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1631 Reference: MLIST:[oss-security] 20090512 CVE Request (evolution) Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/12/6 Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409 Reference: MISC:http://bugzilla.gnome.org/show_bug.cgi?id=581604 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=498648 The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
Current thread:
- CVE Request (evolution) Josh Bressers (May 12)
- Re: CVE Request (evolution) Steven M. Christey (May 21)