Overview

File _patchinfo of Package patchinfo.18659

<patchinfo incident="18659">
  <issue tracker="bnc" id="1173910">VUL-0: CVE-2020-14928: evolution-data-server: Response Injection via STARTTLS in SMTP and POP3</issue>
  <issue tracker="bnc" id="1182882">evolution-ews crashes when parsing XML data</issue>
  <issue tracker="bnc" id="1174712">VUL-1: CVE-2020-16117: evolution-data-server: a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid CAPABILITY line</issue>
  <issue tracker="cve" id="2020-14928"/>
  <issue tracker="cve" id="2020-16117"/>
  <packager>mgorse</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for evolution-data-server</summary>
  <description>This update for evolution-data-server fixes the following issues:

- Fix buffer overrun when parsing base64 data (bsc#1182882).
- CVE-2020-16117: Fix crash on malformed server response with minimal capabilities (bsc#1174712).
- CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 (bsc#1173910).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places