Debian Bug report logs -
#926712
evolution-ews: CVE-2019-3890
Reported by: Sylvain Beucler <beuc@beuc.net>
Date: Tue, 9 Apr 2019 13:57:02 UTC
Severity: grave
Tags: patch, security
Found in version evolution-ews/3.30.5-1
Fixed in version evolution-ews/3.31.90-1
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
:
Bug#926712
; Package evolution-ews
.
(Tue, 09 Apr 2019 13:57:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Sylvain Beucler <beuc@beuc.net>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
.
(Tue, 09 Apr 2019 13:57:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: evolution-ews
Version: 3.30.5-1
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for evolution-ews.
CVE-2019-3890[0]:
No description was found (try on a search engine)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-3890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3890
https://gitlab.gnome.org/GNOME/evolution-ews/issues/27
https://gitlab.gnome.org/GNOME/evolution-ews/issues/36
https://bugzilla.redhat.com/show_bug.cgi?id=1678313
Note: depends on evolution-data-server patch
Cheers!
Sylvain Beucler / Debian LTS
Marked as fixed in versions evolution-ews/3.31.90-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 09 Apr 2019 14:51:09 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
:
Bug#926712
; Package evolution-ews
.
(Mon, 17 Jun 2019 10:42:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Luca Boccassi <bluca@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
.
(Mon, 17 Jun 2019 10:42:03 GMT) (full text, mbox, link).
Message #12 received at 926712@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Tue, 9 Apr 2019 15:52:52 +0200 Sylvain Beucler <
beuc@beuc.net
> wrote:
> Package: evolution-ews
> Version: 3.30.5-1
> X-Debbugs-CC:
team@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerability was published for evolution-ews.
>
> CVE-2019-3890[0]:
> No description was found (try on a search engine)
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0]
https://security-tracker.debian.org/tracker/CVE-2019-3890
>
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3890
>
https://gitlab.gnome.org/GNOME/evolution-ews/issues/27
>
https://gitlab.gnome.org/GNOME/evolution-ews/issues/36
>
https://bugzilla.redhat.com/show_bug.cgi?id=1678313
> Note: depends on evolution-data-server patch
>
> Cheers!
> Sylvain Beucler / Debian LTS
Dear Maintainers,
I have backported the required patches and tested them on Buster, they
seem to work fine.
I have opened PRs against the 2 repos on Salsa, but they both require a
new debian/buster branch to be created as debian/master has moved on to
new releases:
https://salsa.debian.org/gnome-team/evolution-data-server/merge_requests/1
https://salsa.debian.org/gnome-team/evolution-ews/merge_requests/2
It would be great if we could have evolution-ews in Buster, as it's the
only way to use exchange/o365 for Debian users.
Thanks!
--
Kind regards,
Luca Boccassi
[signature.asc (application/pgp-signature, inline)]
Added tag(s) patch.
Request was from Luca Boccassi <bluca@debian.org>
to control@bugs.debian.org
.
(Mon, 17 Jun 2019 10:51:02 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:37:51 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.