CVE-2009-0547
evolution-data-server - several vulnerabilities
EPSS 4.2%
Description
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.
How to fix CVE-2009-0547
To remediate CVE-2009-0547, upgrade the affected package to a fixed version below.
- Debian/evolution-data-server—upgrade to 2.24.5-2 or later
- Debian/evolution-data-server—upgrade to 1.6.3-5etch2 or later
Is CVE-2009-0547 being exploited?
Low — EPSS is 4.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.24.5-2
- from 0, < 1.6.3-5etch2