USN-3998-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-3998-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3998-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-3998-1
Upstream
Related
Published
2019-05-30T11:41:05.639416Z
Modified
2025-10-13T04:34:50Z
Summary
evolution-data-server vulnerability
Details

Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted.

References

Affected packages

Ubuntu:16.04:LTS / evolution-data-server

Package

Name
evolution-data-server
Purl
pkg:deb/ubuntu/evolution-data-server@3.18.5-1ubuntu1.2?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.18.5-1ubuntu1.2

Affected versions

3.*

3.16.5-1ubuntu3
3.18.1-1ubuntu1
3.18.2-0ubuntu1
3.18.2-0ubuntu2
3.18.3-1ubuntu1
3.18.3-1ubuntu2
3.18.4-0ubuntu1
3.18.5-1ubuntu1
3.18.5-1ubuntu1.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "evolution-data-server",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "evolution-data-server-common",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "evolution-data-server-dev",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "evolution-data-server-online-accounts",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "gir1.2-ebook-1.2",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "gir1.2-ebookcontacts-1.2",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "gir1.2-edataserver-1.2",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libcamel-1.2-54",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libcamel1.2-dev",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libebackend-1.2-10",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libebackend1.2-dev",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libebook-1.2-16",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libebook-contacts-1.2-2",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libebook-contacts1.2-dev",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libebook1.2-dev",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libecal-1.2-19",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libecal1.2-dev",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libedata-book-1.2-25",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libedata-book1.2-dev",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libedata-cal-1.2-28",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libedata-cal1.2-dev",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libedataserver-1.2-21",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libedataserver1.2-dev",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libedataserverui-1.2-1",
            "binary_version": "3.18.5-1ubuntu1.2"
        },
        {
            "binary_name": "libedataserverui1.2-dev",
            "binary_version": "3.18.5-1ubuntu1.2"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "id": "CVE-2018-15587",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:16.04:LTS"
}

Ubuntu:18.04:LTS / evolution-data-server

Package

Name
evolution-data-server
Purl
pkg:deb/ubuntu/evolution-data-server@3.28.5-0ubuntu0.18.04.2?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.28.5-0ubuntu0.18.04.2

Affected versions

3.*

3.26.1-1ubuntu1
3.26.2-1ubuntu1
3.26.2.1-1ubuntu1
3.26.2.1-1ubuntu3
3.26.3-1ubuntu1
3.26.5-1ubuntu3
3.27.90-1ubuntu1
3.28.0-1ubuntu1
3.28.0-2ubuntu1
3.28.0-2ubuntu2
3.28.1-1ubuntu1
3.28.3-0ubuntu0.18.04.1
3.28.5-0ubuntu0.18.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "evolution-data-server",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "evolution-data-server-common",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "evolution-data-server-dev",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "evolution-data-server-online-accounts",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "evolution-data-server-tests",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "gir1.2-camel-1.2",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "gir1.2-ebook-1.2",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "gir1.2-ebookcontacts-1.2",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "gir1.2-edataserver-1.2",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "gir1.2-edataserverui-1.2",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libcamel-1.2-61",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libcamel1.2-dev",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libebackend-1.2-10",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libebackend1.2-dev",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libebook-1.2-19",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libebook-contacts-1.2-2",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libebook-contacts1.2-dev",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libebook1.2-dev",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libecal-1.2-19",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libecal1.2-dev",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libedata-book-1.2-25",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libedata-book1.2-dev",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libedata-cal-1.2-28",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libedata-cal1.2-dev",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libedataserver-1.2-23",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libedataserver1.2-dev",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libedataserverui-1.2-2",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        },
        {
            "binary_name": "libedataserverui1.2-dev",
            "binary_version": "3.28.5-0ubuntu0.18.04.2"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "id": "CVE-2018-15587",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:18.04:LTS"
}