USN-3724-1
- Source
- https://ubuntu.com/security/notices/USN-3724-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3724-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-3724-1
- Upstream
- Related
- Published
- 2018-07-26T13:27:57.706154Z
- Modified
- 2025-10-13T04:34:41Z
- Summary
- evolution-data-server vulnerability
- Details
-
Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL.
- References
Affected packages
Ubuntu:14.04:LTS / evolution-data-server
Package
- Name
- evolution-data-server
- Purl
- pkg:deb/ubuntu/evolution-data-server@3.10.4-0ubuntu1.6?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.10.4-0ubuntu1.6
Affected versions
3.*
3.8.5-1ubuntu3
3.8.5-1ubuntu4
3.10.1-2ubuntu2
3.10.1-2ubuntu3
3.10.3-0ubuntu1
3.10.3-0ubuntu2
3.10.4-0ubuntu1
3.10.4-0ubuntu1.1
3.10.4-0ubuntu1.2
3.10.4-0ubuntu1.3
3.10.4-0ubuntu1.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "evolution-data-server"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "evolution-data-server-common"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "evolution-data-server-dev"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "evolution-data-server-online-accounts"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "gir1.2-ebook-1.2"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "gir1.2-ebookcontacts-1.2"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "gir1.2-edataserver-1.2"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libcamel-1.2-45"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libcamel1.2-dev"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libebackend-1.2-7"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libebackend1.2-dev"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libebook-1.2-14"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libebook-contacts-1.2-0"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libebook-contacts1.2-dev"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libebook1.2-dev"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libecal-1.2-16"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libecal1.2-dev"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libedata-book-1.2-20"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libedata-book1.2-dev"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libedata-cal-1.2-23"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libedata-cal1.2-dev"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libedataserver-1.2-18"
},
{
"binary_version": "3.10.4-0ubuntu1.6",
"binary_name": "libedataserver1.2-dev"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3724-1.json"
cves_map
{
"cves": [
{
"id": "CVE-2016-10727",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
Ubuntu:16.04:LTS / evolution-data-server
Package
- Name
- evolution-data-server
- Purl
- pkg:deb/ubuntu/evolution-data-server@3.18.5-1ubuntu1.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.18.5-1ubuntu1.1
Affected versions
3.*
3.16.5-1ubuntu3
3.18.1-1ubuntu1
3.18.2-0ubuntu1
3.18.2-0ubuntu2
3.18.3-1ubuntu1
3.18.3-1ubuntu2
3.18.4-0ubuntu1
3.18.5-1ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "evolution-data-server"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "evolution-data-server-common"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "evolution-data-server-dev"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "evolution-data-server-online-accounts"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "gir1.2-ebook-1.2"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "gir1.2-ebookcontacts-1.2"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "gir1.2-edataserver-1.2"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libcamel-1.2-54"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libcamel1.2-dev"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libebackend-1.2-10"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libebackend1.2-dev"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libebook-1.2-16"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libebook-contacts-1.2-2"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libebook-contacts1.2-dev"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libebook1.2-dev"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libecal-1.2-19"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libecal1.2-dev"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libedata-book-1.2-25"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libedata-book1.2-dev"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libedata-cal-1.2-28"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libedata-cal1.2-dev"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libedataserver-1.2-21"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libedataserver1.2-dev"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libedataserverui-1.2-1"
},
{
"binary_version": "3.18.5-1ubuntu1.1",
"binary_name": "libedataserverui1.2-dev"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3724-1.json"
cves_map
{
"cves": [
{
"id": "CVE-2016-10727",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:16.04:LTS"
}