The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2013-1540.html | Third Party Advisory |
http://seclists.org/oss-sec/2013/q3/191 | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=973728 | Issue Tracking Third Party Advisory |
https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5 | Patch Vendor Advisory |
https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-02-06T14:29:39
Updated: 2020-02-06T14:29:39
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4166
JSON object: View
NVD Information
Status : Modified
Published: 2020-02-06T15:15:10.310
Modified: 2023-02-13T00:28:34.797
Link: CVE-2013-4166
JSON object: View
Redhat Information
No data.
CWE