This is fixed in Ubuntu 14.04 LTS and above, and older versions will not get
updated because it may break existing installation.
I'm marking this bug as fixed.
** Changed in: evolution-data-server (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to evolution-data-server in
Ubuntu.
https://bugs.launchpad.net/bugs/933659
Title:
evolution calendar does not check SSL certificates
Status in Evolution Data Server:
Fix Released
Status in evolution-data-server package in Ubuntu:
Fix Released
Status in evolution-data-server package in openSUSE:
Won't Fix
Bug description:
When using a google calendar in evolution, evolution uses HTTPS.
However, certificate correctness is not checked. Using a tool like
sslsniff allows to capture user name and password. Given the calendar
is periodically updated, it is trivial for an attacker to retrieve
user private data when connected to the same local network.
To manage notifications about this bug go to:
https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
