Description
Security update for evolution
This update for evolution fixes the following issues:
- CVE-2020-11879: Fixed issue where websites can attach local files to emails by using a proprietary parameter without warning the user (bsc#1169843).
- Fix some warnings with newer WebKit
- Handle frame flattening change in WebKitGTK 2.40 (bsc#1213858)
Package list
SUSE Linux Enterprise Software Development Kit 12 SP5
evolution-devel-3.22.6-19.14.1
SUSE Linux Enterprise Workstation Extension 12 SP5
evolution-3.22.6-19.14.1
evolution-lang-3.22.6-19.14.1
References
- Link for SUSE-SU-2023:3375-1
- E-Mail link for SUSE-SU-2023:3375-1
- SUSE Security Ratings
- SUSE Bug 1169843
- SUSE Bug 1213858
- SUSE CVE CVE-2020-11879 page
Description
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.
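A defensive check for the mailto behaviour described above, as an added example (not code from Evolution or SUSE): it parses a mailto URI, reports any parameter outside an allow-list, and rebuilds the URI without it. The allow-list, the function names and the sample URIs are assumptions of this example.

```python
from urllib.parse import urlsplit, unquote, quote

# Assumption of this example: only these header fields are passed to the composer.
ALLOWED_HFIELDS = frozenset({"to", "cc", "bcc", "subject", "body", "in-reply-to"})

def parse_mailto(uri):
    """Return (recipients, [(name, value), ...]) for a mailto: URI."""
    parts = urlsplit(uri.strip())
    if parts.scheme.lower() != "mailto":
        raise ValueError("not a mailto URI")
    fields = []
    for pair in filter(None, parts.query.split("&")):
        name, _, value = pair.partition("=")
        # Decode before comparing so %61ttach or ATTACH cannot slip past the check.
        # unquote (not unquote_plus): '+' is a literal character in mailto URIs.
        fields.append((unquote(name).lower(), unquote(value)))
    return unquote(parts.path), fields

def audit_mailto(uri):
    """Return the parameters a handler should refuse or confirm with the user."""
    _, fields = parse_mailto(uri)
    return [(n, v) for n, v in fields if n not in ALLOWED_HFIELDS]

def sanitize_mailto(uri):
    """Rebuild the URI keeping only allow-listed header fields."""
    to, fields = parse_mailto(uri)
    kept = [(n, v) for n, v in fields if n in ALLOWED_HFIELDS]
    query = "&".join(f"{quote(n, safe='')}={quote(v, safe='')}" for n, v in kept)
    return "mailto:" + quote(to, safe="@,") + ("?" + query if query else "")

# Constructed sample links (not taken from any real site).
SAMPLES = [
    "mailto:user@example.com?subject=Hello&attach=.",
    "mailto:user@example.com?%41ttach=%2e&body=hi",
    "mailto:user@example.com?subject=a+b",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", audit_mailto(link), "->", sanitize_mailto(link))
```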
Affected products
SUSE Linux Enterprise Software Development Kit 12 SP5:evolution-devel-3.22.6-19.14.1
SUSE Linux Enterprise Workstation Extension 12 SP5:evolution-3.22.6-19.14.1
SUSE Linux Enterprise Workstation Extension 12 SP5:evolution-lang-3.22.6-19.14.1
References
- CVE-2020-11879
- SUSE Bug 1169843