[Evolution] Bug#445968: evolution: known certificates not bound to mail accounts/hostnames
Hanspeter Kunz
hkunz at ifi.uzh.ch
Tue Oct 9 13:00:06 UTC 2007
Package: evolution
Version: 2.12.0-2
Severity: normal

Hi,

Evolution does not check if a known certificate belongs to the mail
account/hostname.

Consider the following scenario:

Evolution is configured with two IMAP accounts to imap.server1.com and
imap.server2.org, and Evolution is configured to trust the certificates
of both servers.

If for some reason imap.server1.com is resolved to the IP of
imap.server2.org (by DNS poisoning, or, for testing purposes, by an
entry in /etc/hosts for example) Evolution does not complain about the
changed certificate for imap.server1.com, because the "new certificate"
is already known. But this "new certificate", although it might be a
valid one, is not the one that should be expected. Evolution should
verify if the certificate actually comes from the host that was
configured, or it should check if the certificate was accepted for that
mail account.

cheers,
Hp.

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages evolution depends on:
ii dbus 1.1.1-3 simple interprocess messaging syst
ii evolution-common 2.12.0-2 architecture independent files for
ii evolution-data-server 1.12.0-1 evolution database backend server
ii gconf2 2.20.0-1 GNOME configuration database syste
ii gnome-icon-theme 2.20.0-1 GNOME Desktop icon theme
ii gtkhtml3.14 3.16.0-2 HTML rendering/editing library - b
ii libart-2.0-2 2.3.19-3 Library of functions for 2D graphi
ii libatk1.0-0 1.20.0-1 The ATK accessibility toolkit
ii libbonobo2-0 2.20.0-1 Bonobo CORBA interfaces library
ii libbonoboui2-0 2.20.0-1 The Bonobo UI library
ii libc6 2.6.1-5 GNU C Library: Shared libraries
ii libcairo2 1.4.10-1 The Cairo 2D vector graphics libra
ii libcamel1.2-10 1.12.0-1 The Evolution MIME message handlin
ii libdbus-1-3 1.1.1-3 simple interprocess messaging syst
ii libdbus-glib-1-2 0.74-1 simple interprocess messaging syst
ii libebook1.2-9 1.12.0-1 Client library for evolution addre
ii libecal1.2-7 1.12.0-1 Client library for evolution calen
ii libedataserver1.2-9 1.12.0-1 Utility library for evolution data
ii libedataserverui1.2-8 1.12.0-1 GUI utility library for evolution
ii libegroupwise1.2-13 1.12.0-1 Client library for accessing group
ii libexchange-storage1.2- 1.12.0-1 Backend library for evolution cale
ii libfontconfig1 2.4.2-1.2 generic font configuration library
ii libfreetype6 2.3.5-1+b1 FreeType 2 font engine, shared lib
ii libgconf2-4 2.20.0-1 GNOME configuration database syste
ii libglade2-0 1:2.6.2-1 library to load .glade files at ru
ii libglib2.0-0 2.14.1-5 The GLib library of C routines
ii libgnome-pilot2 2.0.15-2 Support libraries for gnome-pilot
ii libgnome2-0 2.20.0-1 The GNOME 2 library - runtime file
ii libgnomecanvas2-0 2.20.0-1 A powerful object-oriented display
ii libgnomeui-0 2.20.0-1 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 1:2.20.0-2 GNOME Virtual File System (runtime
ii libgnutls13 2.0.1-1 the GNU TLS library - runtime libr
ii libgtk2.0-0 2.12.0-2 The GTK+ graphical user interface
ii libgtkhtml3.14-19 3.16.0-2 HTML rendering/editing library - r
ii libhal1 0.5.9.1-6 Hardware Abstraction Layer - share
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libldap2 2.1.30.dfsg-13.5 OpenLDAP libraries
ii libnm-glib0 0.6.5-2 network management framework (GLib
ii libnotify1 [libnotify1- 0.4.4-3 sends desktop notifications to a n
ii libnspr4-0d 4.6.7-1 NetScape Portable Runtime Library
ii libnss3-0d 3.11.7-1 Network Security Service libraries
ii liborbit2 1:2.14.7-0.1 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.18.2-2 Layout and rendering of internatio
ii libpisock9 0.12.2-10 library for communicating with a P
ii libpisync0 0.12.2-10 synchronization library for PalmOS
ii libpng12-0 1.2.15~beta5-2 PNG library - runtime
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii libsm6 2:1.0.3-1+b1 X11 Session Management library
ii libsoup2.2-8 2.2.101-1 an HTTP library implementation in
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxcomposite1 1:0.3.2-1+b1 X11 Composite extension library
ii libxcursor1 1:1.1.9-1 X cursor management library
ii libxdamage1 1:1.1.1-3 X11 damaged region extension libra
ii libxext6 1:1.0.3-2 X11 miscellaneous extension librar
ii libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes' extensio
ii libxi6 2:1.1.3-1 X11 Input extension library
ii libxinerama1 1:1.0.2-1 X11 Xinerama extension library
ii libxml2 2.6.30.dfsg-2 GNOME XML library
ii libxrandr2 2:1.2.2-1 X11 RandR extension library
ii libxrender1 1:0.9.4-1 X Rendering Extension client libra
ii zlib1g 1:1.2.3.3.dfsg-6 compression library - runtime

Versions of packages evolution recommends:
ii evolution-plugins 2.12.0-2 standard plugins for Evolution
ii gnome-desktop-data 2.20.0-2 Common files for GNOME 2 desktop a
ii gnome-pilot-conduits 2.0.15-1 conduits for gnome-pilot
ii spamassassin 3.2.1-1 Perl-based spam filter using text
ii yelp 2.20.0-1 Help browser for GNOME 2

-- no debconf information
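
A minimal model of the trust decision described in this report, added here as an illustration; it is not Evolution or Camel code. The store layout, the function names and the placeholder fingerprints are assumptions; the hostnames are those of the report's scenario.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* One certificate the user chose to trust. Hostnames come from the report's
 * scenario; the fingerprints are constructed placeholders. */
struct accepted_cert { const char *host; const char *fingerprint; };

static const struct accepted_cert store[] = {
    { "imap.server1.com", "FP-PLACEHOLDER-SERVER1" },
    { "imap.server2.org", "FP-PLACEHOLDER-SERVER2" },
};
static const size_t store_len = sizeof store / sizeof store[0];

enum verdict { CERT_OK, CERT_UNKNOWN, CERT_KNOWN_FOR_OTHER_HOST };

/* Reported behaviour: any previously accepted certificate is trusted,
 * whichever host the account is configured for. */
bool trusted_unbound(const char *host, const char *fp)
{
    (void)host; /* the configured hostname plays no part in the decision */
    for (size_t i = 0; i < store_len; i++)
        if (strcmp(store[i].fingerprint, fp) == 0)
            return true;
    return false;
}

/* Requested behaviour: an accepted certificate counts only for the host it
 * was accepted for. Hostnames are assumed to be already lowercased. */
enum verdict check_bound(const char *host, const char *fp)
{
    enum verdict v = CERT_UNKNOWN;
    for (size_t i = 0; i < store_len; i++) {
        if (strcmp(store[i].fingerprint, fp) != 0)
            continue;
        if (strcmp(store[i].host, host) == 0)
            return CERT_OK;
        v = CERT_KNOWN_FOR_OTHER_HOST; /* known cert, wrong host: warn the user */
    }
    return v;
}

int main(void)
{
    /* imap.server1.com resolves to server2, so server2's cert is presented. */
    const char *host = "imap.server1.com", *fp = "FP-PLACEHOLDER-SERVER2";
    return (trusted_unbound(host, fp) &&
            check_bound(host, fp) == CERT_KNOWN_FOR_OTHER_HOST) ? 0 : 1;
}
```

The third verdict separates the report's case (a trusted certificate arriving on a connection to a different configured host) from a certificate that has never been seen, so a client can warn about it specifically.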