ArchLinux: 201904-1: evolution: content spoofing
Summary
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
Resolution
Upgrade to 3.32.0-1.
# pacman -Syu "evolution>=3.32.0-1"
The problem has been fixed upstream in version 3.32.0.
References
https://bugzilla.gnome.org/show_bug.cgi?id=796424 https://gitlab.gnome.org/GNOME/evolution/-/issues/120 https://security.archlinux.org/CVE-2018-15587
Workaround
None.