CVE-2007-1266

Currently unrated

Key Information:

Vendor: Gnome
Status: Evolution
Vendor: CVE Published:; 6 March 2007

Summary

Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

References

http://lists.gnupg.org/pipermail/gnupg-users/2007-March/0...

mailing-listx_refsource_MLIST

http://securityreason.com/securityalert/2353

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/461958/30/7710/thr...

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Mar 6, 2007
Vulnerability Reserved
Mar 4, 2007