From a93a0cc763ab7edb8110d2a56864dcfcdfb95ccb Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 1 Mar 2021 09:03:10 +0100 Subject: Track status for CVE-2021-3349 This is disputed on GNOME Evolution side, and defered completely by upsream to GnuPG. Though the reporter claims that GnuPG aleady provides what would be needed to fix (additionally) in evolution. --- data/CVE/2021.list | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 0c901d024a..f42f44a28e 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -2829,7 +2829,13 @@ CVE-2021-3351 CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...) NOT-FOR-US: Delete Account plugin for MyBB CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ...) - TODO: check + - evolution (unimportant) + NOTE: GNOME Evlolution upstreams claims that the issue should be fixed completely + NOTE: on the GnuPG side, whilst the reporter claims theat GnuPG provides what is + NOTE: needed to adress it on evolution's side. + NOTE: https://dev.gnupg.org/T4735 + NOTE: https://gitlab.gnome.org/GNOME/evolution/-/issues/299 + NOTE: https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html CVE-2021-26538 RESERVED CVE-2021-26537 -- cgit v1.2.3