oss-sec mailing list archives

Re: CVE Request (evolution)

From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 21 May 2009 20:27:26 -0400 (EDT)


======================================================
Name: CVE-2009-1631
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1631
Reference: MLIST:[oss-security] 20090512 CVE Request (evolution)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/12/6
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409
Reference: MISC:http://bugzilla.gnome.org/show_bug.cgi?id=581604
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=498648

The Mailer component in Evolution 2.26.1 and earlier uses
world-readable permissions for the .evolution directory, and certain
directories and files under .evolution/ related to local mail, which
allows local users to obtain sensitive information by reading these
files.

Current thread:

CVE Request (evolution) Josh Bressers (May 12)
- Re: CVE Request (evolution) Steven M. Christey (May 21)