Making this report public since the issue is public elsewhere: https://bugzilla.gnome.org/show_bug.cgi?id=671537 http://www.openwall.com/lists/oss-security/2012/05/04/4
** Visibility changed to: Public -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates Status in Evolution Data Server: Fix Released Status in “evolution-data-server” package in Ubuntu: Confirmed Bug description: When using a google calendar in evolution, evolution uses HTTPS. However, certificate correctness is not checked. Using a tool like sslsniff allows to capture user name and password. Given the calendar is periodically updated, it is trivial for an attacker to retrieve user private data when connected to the same local network. To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
