Track status for CVE-2021-3349

This is disputed on GNOME Evolution side, and defered completely by upsream to GnuPG. Though the reporter claims that GnuPG aleady provides what would be needed to fix (additionally) in evolution.
author: Salvatore Bonaccorso <carnil@debian.org> 2021-03-01 09:03:10 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-03-01 09:03:10 +0100
commit: a93a0cc763ab7edb8110d2a56864dcfcdfb95ccb (patch)
tree: 0629489fbc9de5502fab450529638a10ee771f87
parent: 45dc42284d40f14be498a962f9f7e33bb394d332 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 0c901d024a..f42f44a28e 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -2829,7 +2829,13 @@ CVE-2021-3351
 CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...)
 	NOT-FOR-US: Delete Account plugin for MyBB
 CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ...)
-	TODO: check
+	- evolution <unfixed> (unimportant)
+	NOTE: GNOME Evlolution upstreams claims that the issue should be fixed completely
+	NOTE: on the GnuPG side, whilst the reporter claims theat GnuPG provides what is
+	NOTE: needed to adress it on evolution's side.
+	NOTE: https://dev.gnupg.org/T4735
+	NOTE: https://gitlab.gnome.org/GNOME/evolution/-/issues/299
+	NOTE: https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html
 CVE-2021-26538
 	RESERVED
 CVE-2021-26537
author	Salvatore Bonaccorso <carnil@debian.org>	2021-03-01 09:03:10 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-03-01 09:03:10 +0100
commit	a93a0cc763ab7edb8110d2a56864dcfcdfb95ccb (patch)
tree	0629489fbc9de5502fab450529638a10ee771f87
parent	45dc42284d40f14be498a962f9f7e33bb394d332 (diff)