CVE-2013-4166 – evolution: incorrect selection of recipient gpg public key for encrypted mail

https://notcve.org/view.php?id=CVE-2013-4166

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. La función gpg_ctx_add_recipient en el archivo camel/camel-gpg-context.c en GNOME Evolution versiones 3.8.4 y anteriores y Evolution Data Server versiones 3.9.5 y anteriores, no selecciona apropiadamente la clave GPG que se usa para el cifrado de correo electrónico, lo que podría causar que el correo electrónico sea cifrado con la clave errada y permitir a atacantes remotos obtener información confidencial. • http://rhn.redhat.com/errata/RHSA-2013-1540.html http://seclists.org/oss-sec/2013/q3/191 https://bugzilla.redhat.com/show_bug.cgi?id=973728 https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5 https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d https://access.redhat.com/security/cve/CVE-2013-4166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-697: Incorrect Comparison •