Arch Linux Security Advisory ASA-201904-1 ========================================= Severity: High Date : 2019-04-02 CVE-ID : CVE-2018-15587 Package : evolution Type : content spoofing Remote : Yes Link : https://security.archlinux.org/AVG-889 Summary ======= The package evolution before version 3.32.0-1 is vulnerable to content spoofing. Resolution ========== Upgrade to 3.32.0-1. # pacman -Syu "evolution>=3.32.0-1" The problem has been fixed upstream in version 3.32.0. Workaround ========== None. Description =========== GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. Impact ====== A remote attacker can spoof a valid signature for a specially crafted e-mail. References ========== https://bugzilla.gnome.org/show_bug.cgi?id=796424 https://gitlab.gnome.org/GNOME/evolution/issues/120 https://security.archlinux.org/CVE-2018-15587