Vulnerabilities > CVE-2013-4166 - Information Exposure vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
gnome
redhat
CWE-200
nessus

Summary

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.

Vulnerable Configurations

Part Description Count
Application
Gnome
273
OS
Redhat
3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1922-1.NASL
    descriptionYves-Alexis Perez discovered that Evolution Data Server did not properly select GPG recipients. Under certain circumstances, this could result in Evolution encrypting email to an unintended recipient. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id69174
    published2013-08-01
    reporterUbuntu Security Notice (C) 2013-2020 Canonical, Inc. / NASL script (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69174
    titleUbuntu 12.04 LTS / 12.10 / 13.04 : evolution-data-server vulnerability (USN-1922-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1540.NASL
    descriptionFrom Red Hat Security Advisory 2013:1540 : Updated evolution packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Evolution is the integrated collection of email, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient. (CVE-2013-4166) The Evolution packages have been upgraded to upstream version 2.32.3, which provides a number of bug fixes and enhancements over the previous version. These changes include implementation of Gnome XDG Config Folders, and support for Exchange Web Services (EWS) protocol to connect to Microsoft Exchange servers. EWS support has been added as a part of the evolution-exchange packages. (BZ#883010, BZ#883014, BZ#883015, BZ#883017, BZ#524917, BZ#524921, BZ#883044) The gtkhtml3 packages have been upgraded to upstream version 2.32.2, which provides a number of bug fixes and enhancements over the previous version. (BZ#883019) The libgdata packages have been upgraded to upstream version 0.6.4, which provides a number of bug fixes and enhancements over the previous version. (BZ#883032) This update also fixes the following bug : * The Exchange Calendar could not fetch the
    last seen2020-06-01
    modified2020-06-02
    plugin id71126
    published2013-11-29
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71126
    titleOracle Linux 6 : evolution (ELSA-2013-1540)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-1540.NASL
    descriptionUpdated evolution packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Evolution is the integrated collection of email, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient. (CVE-2013-4166) The Evolution packages have been upgraded to upstream version 2.32.3, which provides a number of bug fixes and enhancements over the previous version. These changes include implementation of Gnome XDG Config Folders, and support for Exchange Web Services (EWS) protocol to connect to Microsoft Exchange servers. EWS support has been added as a part of the evolution-exchange packages. (BZ#883010, BZ#883014, BZ#883015, BZ#883017, BZ#524917, BZ#524921, BZ#883044) The gtkhtml3 packages have been upgraded to upstream version 2.32.2, which provides a number of bug fixes and enhancements over the previous version. (BZ#883019) The libgdata packages have been upgraded to upstream version 0.6.4, which provides a number of bug fixes and enhancements over the previous version. (BZ#883032) This update also fixes the following bug : * The Exchange Calendar could not fetch the
    last seen2020-06-01
    modified2020-06-02
    plugin id79158
    published2014-11-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79158
    titleCentOS 6 : cheese / control-center / ekiga / evolution / evolution-data-server / etcgnome-panel / etc (CESA-2013:1540)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20131121_EVOLUTION_ON_SL6_X.NASL
    descriptionA flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient. (CVE-2013-4166) The Evolution packages have been upgraded to upstream version 2.32.3, which provides a number of bug fixes and enhancements over the previous version. These changes include implementation of Gnome XDG Config Folders, and support for Exchange Web Services (EWS) protocol to connect to Microsoft Exchange servers. EWS support has been added as a part of the evolution-exchange packages. The gtkhtml3 packages have been upgraded to upstream version 2.32.2, which provides a number of bug fixes and enhancements over the previous version. The libgdata packages have been upgraded to upstream version 0.6.4, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following bug : - The Exchange Calendar could not fetch the
    last seen2020-03-18
    modified2013-12-10
    plugin id71298
    published2013-12-10
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71298
    titleScientific Linux Security Update : evolution on SL6.x i386/x86_64 (20131121)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1540.NASL
    descriptionUpdated evolution packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Evolution is the integrated collection of email, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient. (CVE-2013-4166) The Evolution packages have been upgraded to upstream version 2.32.3, which provides a number of bug fixes and enhancements over the previous version. These changes include implementation of Gnome XDG Config Folders, and support for Exchange Web Services (EWS) protocol to connect to Microsoft Exchange servers. EWS support has been added as a part of the evolution-exchange packages. (BZ#883010, BZ#883014, BZ#883015, BZ#883017, BZ#524917, BZ#524921, BZ#883044) The gtkhtml3 packages have been upgraded to upstream version 2.32.2, which provides a number of bug fixes and enhancements over the previous version. (BZ#883019) The libgdata packages have been upgraded to upstream version 0.6.4, which provides a number of bug fixes and enhancements over the previous version. (BZ#883032) This update also fixes the following bug : * The Exchange Calendar could not fetch the
    last seen2020-06-01
    modified2020-06-02
    plugin id71001
    published2013-11-21
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71001
    titleRHEL 6 : evolution (RHSA-2013:1540)

Redhat

advisories
bugzilla
id1014677
titleSearch filter persists when changing folders
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentcheese is earlier than 0:2.28.1-8.el6
          ovaloval:com.redhat.rhsa:tst:20131540001
        • commentcheese is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540002
      • AND
        • commentcontrol-center-filesystem is earlier than 1:2.28.1-39.el6
          ovaloval:com.redhat.rhsa:tst:20131540003
        • commentcontrol-center-filesystem is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540004
      • AND
        • commentcontrol-center-extra is earlier than 1:2.28.1-39.el6
          ovaloval:com.redhat.rhsa:tst:20131540005
        • commentcontrol-center-extra is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540006
      • AND
        • commentcontrol-center is earlier than 1:2.28.1-39.el6
          ovaloval:com.redhat.rhsa:tst:20131540007
        • commentcontrol-center is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540008
      • AND
        • commentcontrol-center-devel is earlier than 1:2.28.1-39.el6
          ovaloval:com.redhat.rhsa:tst:20131540009
        • commentcontrol-center-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540010
      • AND
        • commentgnome-panel-libs is earlier than 0:2.30.2-15.el6
          ovaloval:com.redhat.rhsa:tst:20131540011
        • commentgnome-panel-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540012
      • AND
        • commentgnome-panel is earlier than 0:2.30.2-15.el6
          ovaloval:com.redhat.rhsa:tst:20131540013
        • commentgnome-panel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540014
      • AND
        • commentgnome-panel-devel is earlier than 0:2.30.2-15.el6
          ovaloval:com.redhat.rhsa:tst:20131540015
        • commentgnome-panel-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540016
      • AND
        • commentnautilus-sendto is earlier than 0:2.28.2-4.el6
          ovaloval:com.redhat.rhsa:tst:20131540017
        • commentnautilus-sendto is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540018
      • AND
        • commentnautilus-sendto-devel is earlier than 0:2.28.2-4.el6
          ovaloval:com.redhat.rhsa:tst:20131540019
        • commentnautilus-sendto-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540020
      • AND
        • commentpidgin-perl is earlier than 0:2.7.9-11.el6
          ovaloval:com.redhat.rhsa:tst:20131540021
        • commentpidgin-perl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192044048
      • AND
        • commentpidgin-docs is earlier than 0:2.7.9-11.el6
          ovaloval:com.redhat.rhsa:tst:20131540023
        • commentpidgin-docs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100890004
      • AND
        • commentlibpurple-perl is earlier than 0:2.7.9-11.el6
          ovaloval:com.redhat.rhsa:tst:20131540025
        • commentlibpurple-perl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192044036
      • AND
        • commentlibpurple-tcl is earlier than 0:2.7.9-11.el6
          ovaloval:com.redhat.rhsa:tst:20131540027
        • commentlibpurple-tcl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192044038
      • AND
        • commentfinch is earlier than 0:2.7.9-11.el6
          ovaloval:com.redhat.rhsa:tst:20131540029
        • commentfinch is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192044032
      • AND
        • commentpidgin-devel is earlier than 0:2.7.9-11.el6
          ovaloval:com.redhat.rhsa:tst:20131540031
        • commentpidgin-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192044034
      • AND
        • commentlibpurple-devel is earlier than 0:2.7.9-11.el6
          ovaloval:com.redhat.rhsa:tst:20131540033
        • commentlibpurple-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192044042
      • AND
        • commentfinch-devel is earlier than 0:2.7.9-11.el6
          ovaloval:com.redhat.rhsa:tst:20131540035
        • commentfinch-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192044046
      • AND
        • commentlibpurple is earlier than 0:2.7.9-11.el6
          ovaloval:com.redhat.rhsa:tst:20131540037
        • commentlibpurple is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192044040
      • AND
        • commentpidgin is earlier than 0:2.7.9-11.el6
          ovaloval:com.redhat.rhsa:tst:20131540039
        • commentpidgin is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192044044
      • AND
        • commentplanner-devel is earlier than 0:0.14.4-10.el6
          ovaloval:com.redhat.rhsa:tst:20131540041
        • commentplanner-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540042
      • AND
        • commentplanner-eds is earlier than 0:0.14.4-10.el6
          ovaloval:com.redhat.rhsa:tst:20131540043
        • commentplanner-eds is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540044
      • AND
        • commentplanner is earlier than 0:0.14.4-10.el6
          ovaloval:com.redhat.rhsa:tst:20131540045
        • commentplanner is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540046
      • AND
        • commentgnome-python2-rsvg is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540047
        • commentgnome-python2-rsvg is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540048
      • AND
        • commentgnome-python2-desktop is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540049
        • commentgnome-python2-desktop is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540050
      • AND
        • commentgnome-python2-libwnck is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540051
        • commentgnome-python2-libwnck is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540052
      • AND
        • commentgnome-python2-gnomekeyring is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540053
        • commentgnome-python2-gnomekeyring is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540054
      • AND
        • commentgnome-python2-bugbuddy is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540055
        • commentgnome-python2-bugbuddy is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540056
      • AND
        • commentgnome-python2-applet is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540057
        • commentgnome-python2-applet is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540058
      • AND
        • commentgnome-python2-gnomeprint is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540059
        • commentgnome-python2-gnomeprint is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540060
      • AND
        • commentgnome-python2-evolution is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540061
        • commentgnome-python2-evolution is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540062
      • AND
        • commentgnome-python2-libgtop2 is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540063
        • commentgnome-python2-libgtop2 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540064
      • AND
        • commentgnome-python2-gnomedesktop is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540065
        • commentgnome-python2-gnomedesktop is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540066
      • AND
        • commentgnome-python2-metacity is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540067
        • commentgnome-python2-metacity is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540068
      • AND
        • commentgnome-python2-evince is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540069
        • commentgnome-python2-evince is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540070
      • AND
        • commentgnome-python2-brasero is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540071
        • commentgnome-python2-brasero is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540072
      • AND
        • commentgnome-python2-gtksourceview is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540073
        • commentgnome-python2-gtksourceview is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540074
      • AND
        • commentgnome-python2-totem is earlier than 0:2.28.0-5.el6
          ovaloval:com.redhat.rhsa:tst:20131540075
        • commentgnome-python2-totem is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540076
      • AND
        • commentekiga is earlier than 0:3.2.6-4.el6
          ovaloval:com.redhat.rhsa:tst:20131540077
        • commentekiga is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540078
      • AND
        • commenttotem-upnp is earlier than 0:2.28.6-4.el6
          ovaloval:com.redhat.rhsa:tst:20131540079
        • commenttotem-upnp is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540080
      • AND
        • commenttotem-nautilus is earlier than 0:2.28.6-4.el6
          ovaloval:com.redhat.rhsa:tst:20131540081
        • commenttotem-nautilus is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540082
      • AND
        • commenttotem-mozplugin is earlier than 0:2.28.6-4.el6
          ovaloval:com.redhat.rhsa:tst:20131540083
        • commenttotem-mozplugin is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540084
      • AND
        • commenttotem is earlier than 0:2.28.6-4.el6
          ovaloval:com.redhat.rhsa:tst:20131540085
        • commenttotem is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540086
      • AND
        • commenttotem-devel is earlier than 0:2.28.6-4.el6
          ovaloval:com.redhat.rhsa:tst:20131540087
        • commenttotem-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540088
      • AND
        • commenttotem-youtube is earlier than 0:2.28.6-4.el6
          ovaloval:com.redhat.rhsa:tst:20131540089
        • commenttotem-youtube is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540090
      • AND
        • commenttotem-jamendo is earlier than 0:2.28.6-4.el6
          ovaloval:com.redhat.rhsa:tst:20131540091
        • commenttotem-jamendo is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540092
      • AND
        • commentlibgdata-devel is earlier than 0:0.6.4-2.el6
          ovaloval:com.redhat.rhsa:tst:20131540093
        • commentlibgdata-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540094
      • AND
        • commentlibgdata is earlier than 0:0.6.4-2.el6
          ovaloval:com.redhat.rhsa:tst:20131540095
        • commentlibgdata is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540096
      • AND
        • commentgtkhtml3 is earlier than 0:3.32.2-2.el6
          ovaloval:com.redhat.rhsa:tst:20131540097
        • commentgtkhtml3 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540098
      • AND
        • commentgtkhtml3-devel is earlier than 0:3.32.2-2.el6
          ovaloval:com.redhat.rhsa:tst:20131540099
        • commentgtkhtml3-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540100
      • AND
        • commentevolution-data-server-doc is earlier than 0:2.32.3-18.el6
          ovaloval:com.redhat.rhsa:tst:20131540101
        • commentevolution-data-server-doc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20162206018
      • AND
        • commentevolution-data-server-devel is earlier than 0:2.32.3-18.el6
          ovaloval:com.redhat.rhsa:tst:20131540103
        • commentevolution-data-server-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20162206020
      • AND
        • commentevolution-data-server is earlier than 0:2.32.3-18.el6
          ovaloval:com.redhat.rhsa:tst:20131540105
        • commentevolution-data-server is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20162206016
      • AND
        • commentevolution-pst is earlier than 0:2.32.3-30.el6
          ovaloval:com.redhat.rhsa:tst:20131540107
        • commentevolution-pst is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20130516004
      • AND
        • commentevolution-perl is earlier than 0:2.32.3-30.el6
          ovaloval:com.redhat.rhsa:tst:20131540109
        • commentevolution-perl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20130516010
      • AND
        • commentevolution-spamassassin is earlier than 0:2.32.3-30.el6
          ovaloval:com.redhat.rhsa:tst:20131540111
        • commentevolution-spamassassin is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20130516008
      • AND
        • commentevolution-devel is earlier than 0:2.32.3-30.el6
          ovaloval:com.redhat.rhsa:tst:20131540113
        • commentevolution-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20130516006
      • AND
        • commentevolution-devel-docs is earlier than 0:2.32.3-30.el6
          ovaloval:com.redhat.rhsa:tst:20131540115
        • commentevolution-devel-docs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540116
      • AND
        • commentevolution is earlier than 0:2.32.3-30.el6
          ovaloval:com.redhat.rhsa:tst:20131540117
        • commentevolution is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20130516012
      • AND
        • commentevolution-help is earlier than 0:2.32.3-30.el6
          ovaloval:com.redhat.rhsa:tst:20131540119
        • commentevolution-help is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20130516014
      • AND
        • commentopenchange is earlier than 0:1.0-6.el6
          ovaloval:com.redhat.rhsa:tst:20131540121
        • commentopenchange is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20162206002
      • AND
        • commentopenchange-client is earlier than 0:1.0-6.el6
          ovaloval:com.redhat.rhsa:tst:20131540123
        • commentopenchange-client is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20162206008
      • AND
        • commentopenchange-devel-docs is earlier than 0:1.0-6.el6
          ovaloval:com.redhat.rhsa:tst:20131540125
        • commentopenchange-devel-docs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20162206004
      • AND
        • commentopenchange-devel is earlier than 0:1.0-6.el6
          ovaloval:com.redhat.rhsa:tst:20131540127
        • commentopenchange-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20162206006
      • AND
        • commentevolution-mapi is earlier than 0:0.32.2-12.el6
          ovaloval:com.redhat.rhsa:tst:20131540129
        • commentevolution-mapi is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20162206012
      • AND
        • commentevolution-mapi-devel is earlier than 0:0.32.2-12.el6
          ovaloval:com.redhat.rhsa:tst:20131540131
        • commentevolution-mapi-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20162206014
      • AND
        • commentevolution-exchange is earlier than 0:2.32.3-16.el6
          ovaloval:com.redhat.rhsa:tst:20131540133
        • commentevolution-exchange is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20131540134
rhsa
idRHSA-2013:1540
released2013-11-20
severityLow
titleRHSA-2013:1540: evolution security, bug fix, and enhancement update (Low)
rpms
  • cheese-0:2.28.1-8.el6
  • cheese-debuginfo-0:2.28.1-8.el6
  • control-center-1:2.28.1-39.el6
  • control-center-debuginfo-1:2.28.1-39.el6
  • control-center-devel-1:2.28.1-39.el6
  • control-center-extra-1:2.28.1-39.el6
  • control-center-filesystem-1:2.28.1-39.el6
  • ekiga-0:3.2.6-4.el6
  • ekiga-debuginfo-0:3.2.6-4.el6
  • evolution-0:2.32.3-30.el6
  • evolution-data-server-0:2.32.3-18.el6
  • evolution-data-server-debuginfo-0:2.32.3-18.el6
  • evolution-data-server-devel-0:2.32.3-18.el6
  • evolution-data-server-doc-0:2.32.3-18.el6
  • evolution-debuginfo-0:2.32.3-30.el6
  • evolution-devel-0:2.32.3-30.el6
  • evolution-devel-docs-0:2.32.3-30.el6
  • evolution-exchange-0:2.32.3-16.el6
  • evolution-exchange-debuginfo-0:2.32.3-16.el6
  • evolution-help-0:2.32.3-30.el6
  • evolution-mapi-0:0.32.2-12.el6
  • evolution-mapi-debuginfo-0:0.32.2-12.el6
  • evolution-mapi-devel-0:0.32.2-12.el6
  • evolution-perl-0:2.32.3-30.el6
  • evolution-pst-0:2.32.3-30.el6
  • evolution-spamassassin-0:2.32.3-30.el6
  • finch-0:2.7.9-11.el6
  • finch-devel-0:2.7.9-11.el6
  • gnome-panel-0:2.30.2-15.el6
  • gnome-panel-debuginfo-0:2.30.2-15.el6
  • gnome-panel-devel-0:2.30.2-15.el6
  • gnome-panel-libs-0:2.30.2-15.el6
  • gnome-python2-applet-0:2.28.0-5.el6
  • gnome-python2-brasero-0:2.28.0-5.el6
  • gnome-python2-bugbuddy-0:2.28.0-5.el6
  • gnome-python2-desktop-0:2.28.0-5.el6
  • gnome-python2-desktop-debuginfo-0:2.28.0-5.el6
  • gnome-python2-evince-0:2.28.0-5.el6
  • gnome-python2-evolution-0:2.28.0-5.el6
  • gnome-python2-gnomedesktop-0:2.28.0-5.el6
  • gnome-python2-gnomekeyring-0:2.28.0-5.el6
  • gnome-python2-gnomeprint-0:2.28.0-5.el6
  • gnome-python2-gtksourceview-0:2.28.0-5.el6
  • gnome-python2-libgtop2-0:2.28.0-5.el6
  • gnome-python2-libwnck-0:2.28.0-5.el6
  • gnome-python2-metacity-0:2.28.0-5.el6
  • gnome-python2-rsvg-0:2.28.0-5.el6
  • gnome-python2-totem-0:2.28.0-5.el6
  • gtkhtml3-0:3.32.2-2.el6
  • gtkhtml3-debuginfo-0:3.32.2-2.el6
  • gtkhtml3-devel-0:3.32.2-2.el6
  • libgdata-0:0.6.4-2.el6
  • libgdata-debuginfo-0:0.6.4-2.el6
  • libgdata-devel-0:0.6.4-2.el6
  • libpurple-0:2.7.9-11.el6
  • libpurple-devel-0:2.7.9-11.el6
  • libpurple-perl-0:2.7.9-11.el6
  • libpurple-tcl-0:2.7.9-11.el6
  • nautilus-sendto-0:2.28.2-4.el6
  • nautilus-sendto-debuginfo-0:2.28.2-4.el6
  • nautilus-sendto-devel-0:2.28.2-4.el6
  • openchange-0:1.0-6.el6
  • openchange-client-0:1.0-6.el6
  • openchange-debuginfo-0:1.0-6.el6
  • openchange-devel-0:1.0-6.el6
  • openchange-devel-docs-0:1.0-6.el6
  • pidgin-0:2.7.9-11.el6
  • pidgin-debuginfo-0:2.7.9-11.el6
  • pidgin-devel-0:2.7.9-11.el6
  • pidgin-docs-0:2.7.9-11.el6
  • pidgin-perl-0:2.7.9-11.el6
  • planner-0:0.14.4-10.el6
  • planner-debuginfo-0:0.14.4-10.el6
  • planner-devel-0:0.14.4-10.el6
  • planner-eds-0:0.14.4-10.el6
  • totem-0:2.28.6-4.el6
  • totem-debuginfo-0:2.28.6-4.el6
  • totem-devel-0:2.28.6-4.el6
  • totem-jamendo-0:2.28.6-4.el6
  • totem-mozplugin-0:2.28.6-4.el6
  • totem-nautilus-0:2.28.6-4.el6
  • totem-upnp-0:2.28.6-4.el6
  • totem-youtube-0:2.28.6-4.el6