-
evolution-data-server (3.18.5-1ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: STARTTLS response injection
- debian/patches/CVE-2020-14928-1.patch: truncate cached data in
camel/camel-stream-buffer.c, camel/camel-stream-buffer.h,
camel/providers/pop3/camel-pop3-store.c,
camel/providers/pop3/camel-pop3-stream.c,
camel/providers/pop3/camel-pop3-stream.h,
camel/providers/smtp/camel-smtp-transport.c.
- debian/patches/CVE-2020-14928-2.patch: rename function in
camel/camel-stream-buffer.c, camel/camel-stream-buffer.h,
camel/providers/pop3/camel-pop3-store.c,
camel/providers/pop3/camel-pop3-stream.c,
camel/providers/pop3/camel-pop3-stream.h,
camel/providers/smtp/camel-smtp-transport.c.
- debian/libcamel-1.2-54.symbols: added new symbol.
- CVE-2020-14928
-- Marc Deslauriers <email address hidden> Wed, 08 Jul 2020 09:49:50 -0400
-
evolution-data-server (3.18.5-1ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: GPG email signature spoofing
- debian/patches/CVE-2018-15587-1.patch: Add more strict parsing for
output from gpg in src/camel/camel-gpg-context.c to ensure signatures
cannot be spoofed
- debian/patches/CVE-2018-15587-2.patch: Ensure decrypted output is
not truncated in src/camel/camel-gpg-context.c
- debian/patches/CVE-2018-15587-3.patch: Fix incomplete upstream patch in
src/camel/camel-gpg-context.c to ensure the entire message is read
-- Alex Murray <email address hidden> Tue, 28 May 2019 17:07:19 +0930
-
evolution-data-server (3.18.5-1ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: Unexpected STARTTLS downgrade
- debian/patches/CVE-2016-10727.patch: When a user has setup the STARTTLS
encryption method, but the server doesn't support it, then an error should
be shown to the user, instead of using unsecure connection. In
camel/providers/imapx/camel-imax-server.c
- CVE-2016-10727
-- Mike Salvatore <email address hidden> Wed, 25 Jul 2018 09:13:51 -0400
-
evolution-data-server (3.18.5-1ubuntu1) xenial; urgency=medium
* Merge with Debian, remaining Ubuntu changes:
* debian/control:
- Add build depends on libaccounts-glib-dev, libsignon-glib-dev
- Bump build depends on libgdata-dev (so we get gtasks support)
* debian/rules:
- Enable Ubuntu online accounts
* debian/libedataserverui-1.2-1.symbols:
- Add missing symbols file
* debian/control,
debian/evolution-data-server.install:
debian/evolution-data-server-online-accounts.install:
- Split online accounts support into a separate package
evolution-data-server (3.18.5-1) unstable; urgency=medium
* Multiarchify the library packages. (Closes: #812938)
* debian/rules: Strip -Bsymbolic-functions from LDFLAGS - this breaks e-d-s
at runtime.
* debian/rules: Build with --fail-missing
* New upstream release 3.18.5
-- Iain Lane <email address hidden> Tue, 23 Feb 2016 12:05:57 +0000
-
evolution-data-server (3.18.4-0ubuntu1) xenial; urgency=medium
* New upstream version
-- Sebastien Bacher <email address hidden> Fri, 12 Feb 2016 13:47:09 +0100
-
evolution-data-server (3.18.3-1ubuntu2) xenial; urgency=medium
* Multiarchify the library packages.
-- Matthias Klose <email address hidden> Wed, 27 Jan 2016 23:49:38 +0100
-
evolution-data-server (3.18.3-1ubuntu1) xenial; urgency=medium
* Merge with Debian, remaining Ubuntu changes:
* debian/control:
- Add build depends on libaccounts-glib-dev, libsignon-glib-dev
- Bump build depends on libgdata-dev (so we get gtasks support)
* debian/rules:
- Build with dh_install --fail-missing
- Filter out -Bsymbolic-functions from LDFLAGS (for future people
wondering about this change, see e.g. BGO #594473 and duplicates).
- Enable Ubuntu online accounts
* debian/libedataserverui-1.2-1.symbols:
- Add missing symbols file
* debian/control,
debian/evolution-data-server.install:
debian/evolution-data-server-online-accounts.install:
- Split online accounts support into a separate package
evolution-data-server (3.18.3-1) unstable; urgency=medium
* New upstream release.
-- Iain Lane <email address hidden> Wed, 16 Dec 2015 13:54:54 +0000
-
evolution-data-server (3.18.3-0ubuntu1) xenial; urgency=medium
* New upstream version
* debian/control:
- clear out some old conflicts, not needed since trusty
-- Sebastien Bacher <email address hidden> Wed, 16 Dec 2015 09:17:57 +0100
-
evolution-data-server (3.18.2-0ubuntu2) xenial; urgency=medium
* debian/control:
- let evolution-data-server-online-accounts recommends
signon-plugin-password, it's required for authentication with
several services
-- Sebastien Bacher <email address hidden> Thu, 03 Dec 2015 16:49:58 +0100
-
evolution-data-server (3.18.2-0ubuntu1) xenial; urgency=medium
* New upstream version
-- Sebastien Bacher <email address hidden> Thu, 12 Nov 2015 19:16:52 +0100
-
evolution-data-server (3.18.1-1ubuntu1) xenial; urgency=medium
* Merge with Debian, remaining Ubuntu changes:
* debian/control:
- Add build depends on libaccounts-glib-dev, libsignon-glib-dev
- Bump build depends on libgdata-dev (so we get gtasks support)
- Add evolution-data-server-online-accounts package
* debian/rules:
- Build with dh_install --fail-missing
- Filter out -Bsymbolic-functions from LDFLAGS (for future people
wondering about this change, see e.g. BGO #594473 and duplicates).
- Enable Ubuntu online accounts
* debian/libedataserverui-1.2-1.symbols:
- Add missing symbols file
* debian/evolution-data-server.install:
* debian/evolution-data-server-online-accounts.install:
- Split online accounts support into a separate package
-- Robert Ancell <email address hidden> Tue, 27 Oct 2015 17:39:58 +1300
-
evolution-data-server (3.16.5-1ubuntu3) wily; urgency=medium
[ Sebastien Bacher ]
* debian/patches/git_invalid_unref_source.patch:
- "[UOA] Incorrect ESource unref in e_signon_session_password_get()"
[ Iain Lane ]
* debian/patches/git_Bug-755075-Recent-glib-2.45.8-change-breaks-account-.patch
- Fix settings incorrectly returning their default values, which breaks
some setups (LP: #1498945)
* Include some changes which were committed to the VCS for 1ubuntu1 (delta
reduction vs. Debian) but accidentally not uploaded.
- Debian disabled libphonenumber too; take their commented out rules
snippet
- debian/libebackend-1.2-10.install: Use a regex and mark leaked icu
symbols as optional.
-- Iain Lane <email address hidden> Wed, 30 Sep 2015 12:36:50 +0100