[Evolution] Bug#526409: CVE-2009-1631: world-readable permissions for the .evolution directory

Giuseppe Iuculano giuseppe at iuculano.it
Tue Aug 4 15:31:25 UTC 2009


Hi,

this issue got a CVE (Common Vulnerabilities & Exposures).

CVE-2009-1631[0]:
| The Mailer component in Evolution 2.26.1 and earlier uses
| world-readable permissions for the .evolution directory, and certain
| directories and files under .evolution/ related to local mail, which
| allows local users to obtain sensitive information by reading these
| files.


Unfortunately the vulnerability described above is not important enough
to get it fixed via a regular security update in Debian stable and oldstable. It
does not warrant a DSA.

However it would be nice if this could get fixed via a regular point update[1].
Please contact the release team for this.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1631
    http://security-tracker.debian.net/tracker/CVE-2009-1631
[1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

Cheers,
Giuseppe.
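
Added example, not part of the original message and not code from Evolution or Debian: a Python check for the condition the CVE text describes, listing entries under a mail directory whose mode grants any access to "other" and clearing those bits. The `mail/local/Inbox` layout, the sample tree and all function names are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Permission bits that grant access to "other", i.e. every local user.
WORLD_BITS = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH


def find_world_accessible(root):
    """Return sorted (path relative to root, mode) for entries with any "other" bit set."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode is not enforced; skip it
        if st.st_mode & WORLD_BITS:
            findings.append((os.path.relpath(path, root), stat.S_IMODE(st.st_mode)))
    return sorted(findings)


def tighten(root):
    """Clear the "other" bits on every flagged entry; return how many were changed."""
    flagged = find_world_accessible(root)
    for rel, mode in flagged:
        os.chmod(os.path.join(root, rel), mode & ~WORLD_BITS)
    return len(flagged)


def build_sample(base):
    """Constructed stand-in for a ~/.evolution tree; the layout is an assumption."""
    root = os.path.join(base, ".evolution")
    local = os.path.join(root, "mail", "local")
    os.makedirs(local)
    for name, mode in (("Inbox", 0o644), ("Sent", 0o600)):
        with open(os.path.join(local, name), "w") as fh:
            fh.write("From alice@example.org\n")
        os.chmod(os.path.join(local, name), mode)
    for d in (root, os.path.join(root, "mail"), local):
        os.chmod(d, 0o755)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        root = build_sample(base)
        for rel, mode in find_world_accessible(root):
            print(f"{oct(mode)} {rel}")
        print("fixed:", tighten(root), "remaining:", find_world_accessible(root))
```

Clearing the bits on existing entries does not change the mode of files created afterwards; that depends on the creating program and the umask in effect.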
