desktop-packages team mailing list archive

[Nik Mitev <nik@xxxxxxxxx>]

*** This bug is a security vulnerability ***

Public security bug reported:

For SSL encryption on a dedicated port evolution supports only SSLv3. After POODLE we disabled SSLv3 on server and Evolution could no longer connect.
Proper TLS support is available after patching with https://bugzilla.redhat.com/show_bug.cgi?id=1153052#c5
I patched, built and installed and SSL/TLS now working in Ubuntu 14.04 with evolution-data-server-3.10.4

Please consider distributing this as a standard software update.

** Affects: evolution (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: ssl tls

** Patch added: "By Milan Crha, original at https://bugzilla.redhat.com/show_bug.cgi?id=1153052#c5";
   https://bugs.launchpad.net/bugs/1384629/+attachment/4242280/+files/patch.txt

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evolution in Ubuntu.
https://bugs.launchpad.net/bugs/1384629

Title:
  Connections over TLS1 and newer fail, tested patch available

Status in “evolution” package in Ubuntu:
  New

Bug description:
  For SSL encryption on a dedicated port evolution supports only SSLv3. After POODLE we disabled SSLv3 on server and Evolution could no longer connect.
  Proper TLS support is available after patching with https://bugzilla.redhat.com/show_bug.cgi?id=1153052#c5
  I patched, built and installed and SSL/TLS now working in Ubuntu 14.04 with evolution-data-server-3.10.4

  Please consider distributing this as a standard software update.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/1384629/+subscriptions