A flaw was found in evolution-data-server before 3.36.4. A input sanitization issue via STARTTLS in SMTP and POP3 may permit an attacker to inject responses and (in the worst case) mimic a whole session. Upstream issue: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 Upstream fix: https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
Created evolution-data-server tracking bugs for this issue: Affects: fedora-all [bug 1857471]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14928
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4649 https://access.redhat.com/errata/RHSA-2020:4649