Re: [Evolution] Bug#508479: evolution shows a SMIME signed messages as ok even if modified

To: Joachim Breitner <nomeata@debian.org>, 508479@bugs.debian.org
Cc: debian-security@lists.debian.org
Subject: Re: [Evolution] Bug#508479: evolution shows a SMIME signed messages as ok even if modified
From: Yves-Alexis Perez <corsac@debian.org>
Date: Sat, 14 Feb 2009 14:13:58 +0100
Message-id: <[🔎] 1234617238.8159.4.camel@hidalgo>
In-reply-to: <20081211174130.8901.3763.reportbug@otto.ehbuehl.net>
References: <20081211174130.8901.3763.reportbug@otto.ehbuehl.net>

On jeu, 2008-12-11 at 18:41 +0100, Joachim Breitner wrote:
> please consider raising the Severity if appropriate.
> 
> Attached are two very minimal test mails. you can drag’n’drop them in
> evolution. The (self-signed) key.pem contains a certificate, you can
> import it a signing authority.
> 
> Both messages will be shown as correctly verfied, although one is just a
> copy of the other, with the body modified.

For the record, CVE-2009-0547 has been assigned to this issue.
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: Re: Paper on potential security issues with the linux kernel PRNG
Next by Date: Re: [SECURITY] [DSA 1719-1] New gnutls13 packages fix certificate validation
Previous by thread: Re: 256-bit Camellia vs 256-bit AES - Which is better?
Next by thread: Re: [rt.scanplus.de #18206] AutoReply: [SECURITY] [DSA 1725-1] New websvn packages fix information leak
Index(es):
- Date
- Thread