[Evolution] Bug#445968: evolution: known certificates not bound to mail accounts/hostnames

Hanspeter Kunz hkunz at ifi.uzh.ch
Tue Oct 9 13:00:06 UTC 2007


Package: evolution
Version: 2.12.0-2
Severity: normal

Hi,

Evolution does not check if a known certificate belongs to the mail
account/hostname.

Consider the following scenario:
Evolution is configured with two IMAP accounts to imap.server1.com and
imap.server2.org, and Evolution is configured to trust the certificates
of both servers.

If for some reason imap.server1.com is resolved to the IP of
imap.server2.org (by DNS poisoning, or, for testing purposes, by an
entry in /etc/hosts for example), Evolution does not complain about the
changed certificate for imap.server1.com, because the "new certificate"
is already known. But this "new certificate", although it might be a
valid one, is not the one that should be expected. Evolution should
verify if the certificate actually comes from the host that was
configured, or it should check if the certificate was accepted for that
mail account.

cheers,
Hp.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages evolution depends on:
ii  dbus                    1.1.1-3          simple interprocess messaging syst
ii  evolution-common        2.12.0-2         architecture independent files for
ii  evolution-data-server   1.12.0-1         evolution database backend server
ii  gconf2                  2.20.0-1         GNOME configuration database syste
ii  gnome-icon-theme        2.20.0-1         GNOME Desktop icon theme
ii  gtkhtml3.14             3.16.0-2         HTML rendering/editing library - b
ii  libart-2.0-2            2.3.19-3         Library of functions for 2D graphi
ii  libatk1.0-0             1.20.0-1         The ATK accessibility toolkit
ii  libbonobo2-0            2.20.0-1         Bonobo CORBA interfaces library
ii  libbonoboui2-0          2.20.0-1         The Bonobo UI library
ii  libc6                   2.6.1-5          GNU C Library: Shared libraries
ii  libcairo2               1.4.10-1         The Cairo 2D vector graphics libra
ii  libcamel1.2-10          1.12.0-1         The Evolution MIME message handlin
ii  libdbus-1-3             1.1.1-3          simple interprocess messaging syst
ii  libdbus-glib-1-2        0.74-1           simple interprocess messaging syst
ii  libebook1.2-9           1.12.0-1         Client library for evolution addre
ii  libecal1.2-7            1.12.0-1         Client library for evolution calen
ii  libedataserver1.2-9     1.12.0-1         Utility library for evolution data
ii  libedataserverui1.2-8   1.12.0-1         GUI utility library for evolution
ii  libegroupwise1.2-13     1.12.0-1         Client library for accessing group
ii  libexchange-storage1.2- 1.12.0-1         Backend library for evolution cale
ii  libfontconfig1          2.4.2-1.2        generic font configuration library
ii  libfreetype6            2.3.5-1+b1       FreeType 2 font engine, shared lib
ii  libgconf2-4             2.20.0-1         GNOME configuration database syste
ii  libglade2-0             1:2.6.2-1        library to load .glade files at ru
ii  libglib2.0-0            2.14.1-5         The GLib library of C routines
ii  libgnome-pilot2         2.0.15-2         Support libraries for gnome-pilot
ii  libgnome2-0             2.20.0-1         The GNOME 2 library - runtime file
ii  libgnomecanvas2-0       2.20.0-1         A powerful object-oriented display
ii  libgnomeui-0            2.20.0-1         The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0          1:2.20.0-2       GNOME Virtual File System (runtime
ii  libgnutls13             2.0.1-1          the GNU TLS library - runtime libr
ii  libgtk2.0-0             2.12.0-2         The GTK+ graphical user interface
ii  libgtkhtml3.14-19       3.16.0-2         HTML rendering/editing library - r
ii  libhal1                 0.5.9.1-6        Hardware Abstraction Layer - share
ii  libice6                 2:1.0.4-1        X11 Inter-Client Exchange library
ii  libldap2                2.1.30.dfsg-13.5 OpenLDAP libraries
ii  libnm-glib0             0.6.5-2          network management framework (GLib
ii  libnotify1 [libnotify1- 0.4.4-3          sends desktop notifications to a n
ii  libnspr4-0d             4.6.7-1          NetScape Portable Runtime Library
ii  libnss3-0d              3.11.7-1         Network Security Service libraries
ii  liborbit2               1:2.14.7-0.1     libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0           1.18.2-2         Layout and rendering of internatio
ii  libpisock9              0.12.2-10        library for communicating with a P
ii  libpisync0              0.12.2-10        synchronization library for PalmOS
ii  libpng12-0              1.2.15~beta5-2   PNG library - runtime
ii  libpopt0                1.10-3           lib for parsing cmdline parameters
ii  libsm6                  2:1.0.3-1+b1     X11 Session Management library
ii  libsoup2.2-8            2.2.101-1        an HTTP library implementation in
ii  libx11-6                2:1.0.3-7        X11 client-side library
ii  libxcomposite1          1:0.3.2-1+b1     X11 Composite extension library
ii  libxcursor1             1:1.1.9-1        X cursor management library
ii  libxdamage1             1:1.1.1-3        X11 damaged region extension libra
ii  libxext6                1:1.0.3-2        X11 miscellaneous extension librar
ii  libxfixes3              1:4.0.3-2        X11 miscellaneous 'fixes' extensio
ii  libxi6                  2:1.1.3-1        X11 Input extension library
ii  libxinerama1            1:1.0.2-1        X11 Xinerama extension library
ii  libxml2                 2.6.30.dfsg-2    GNOME XML library
ii  libxrandr2              2:1.2.2-1        X11 RandR extension library
ii  libxrender1             1:0.9.4-1        X Rendering Extension client libra
ii  zlib1g                  1:1.2.3.3.dfsg-6 compression library - runtime

Versions of packages evolution recommends:
ii  evolution-plugins             2.12.0-2   standard plugins for Evolution
ii  gnome-desktop-data            2.20.0-2   Common files for GNOME 2 desktop a
ii  gnome-pilot-conduits          2.0.15-1   conduits for gnome-pilot
ii  spamassassin                  3.2.1-1    Perl-based spam filter using text
ii  yelp                          2.20.0-1   Help browser for GNOME 2

-- no debconf information
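
The scenario in the report above, modelled as an added example that is not part of the original message and is not Evolution's code: one store trusts any previously accepted certificate, the other records each acceptance against the configured hostname. The class names and the certificate byte strings are constructed for illustration.

```python
import hashlib


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()


def normalize(host: str) -> str:
    """Compare hostnames case-insensitively and without a trailing dot."""
    return host.lower().rstrip(".")


class GlobalExceptionStore:
    """Behaviour described in the report: once accepted, trusted for any host."""

    def __init__(self):
        self._known = set()

    def accept(self, host: str, cert_der: bytes) -> None:
        self._known.add(fingerprint(cert_der))  # hostname is discarded

    def is_trusted(self, host: str, cert_der: bytes) -> bool:
        return fingerprint(cert_der) in self._known


class HostBoundExceptionStore:
    """Requested behaviour: trust is recorded per (hostname, certificate) pair."""

    def __init__(self):
        self._known = {}  # hostname -> set of accepted fingerprints

    def accept(self, host: str, cert_der: bytes) -> None:
        self._known.setdefault(normalize(host), set()).add(fingerprint(cert_der))

    def is_trusted(self, host: str, cert_der: bytes) -> bool:
        return fingerprint(cert_der) in self._known.get(normalize(host), set())


# Constructed stand-ins for the two servers' DER certificates.
CERT_SERVER1 = b"constructed-der-bytes-for-imap.server1.com"
CERT_SERVER2 = b"constructed-der-bytes-for-imap.server2.org"


def redirected_connection_trusted(store) -> bool:
    """Both certificates were accepted earlier; imap.server1.com now resolves
    to server2's address, so server2's certificate is presented for server1."""
    store.accept("imap.server1.com", CERT_SERVER1)
    store.accept("imap.server2.org", CERT_SERVER2)
    return store.is_trusted("imap.server1.com", CERT_SERVER2)
```

With the global store the redirected connection is accepted without a prompt; with the host-bound store it is rejected, while each server's own certificate stays trusted for its own hostname.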






