CVE-2014-5444

EUVD-2014-5331
Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
yorbageary
𝑥
≤ 0.5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
geary
bookworm
43.0-1
fixed
bullseye
3.38.1-1
fixed
sid
46.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
geary
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
lucid
dne
precise
dne
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2014-09/msg00035.html
https://bugzilla.gnome.org/show_bug.cgi?id=713247
https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e
http://lists.opensuse.org/opensuse-updates/2014-09/msg00035.html
https://bugzilla.gnome.org/show_bug.cgi?id=713247
https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e