{"affected":[{"ecosystem_specific":{"binaries":[{"evolution-data-server":"3.34.4-3.3.1","evolution-data-server-devel":"3.34.4-3.3.1","evolution-data-server-lang":"3.34.4-3.3.1","evolution-ews":"3.34.4-3.3.1","evolution-ews-lang":"3.34.4-3.3.1","libcamel-1_2-62":"3.34.4-3.3.1","libebackend-1_2-10":"3.34.4-3.3.1","libebook-1_2-20":"3.34.4-3.3.1","libebook-contacts-1_2-3":"3.34.4-3.3.1","libecal-2_0-1":"3.34.4-3.3.1","libedata-book-1_2-26":"3.34.4-3.3.1","libedata-cal-2_0-1":"3.34.4-3.3.1","libedataserver-1_2-24":"3.34.4-3.3.1","libedataserverui-1_2-2":"3.34.4-3.3.1","typelib-1_0-Camel-1_2":"3.34.4-3.3.1","typelib-1_0-EBook-1_2":"3.34.4-3.3.1","typelib-1_0-EBookContacts-1_2":"3.34.4-3.3.1","typelib-1_0-ECal-2_0":"3.34.4-3.3.1","typelib-1_0-EDataServer-1_2":"3.34.4-3.3.1","typelib-1_0-EDataServerUI-1_2":"3.34.4-3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP2","name":"evolution-data-server","purl":"pkg:rpm/suse/evolution-data-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.34.4-3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"evolution-data-server":"3.34.4-3.3.1","evolution-data-server-devel":"3.34.4-3.3.1","evolution-data-server-lang":"3.34.4-3.3.1","evolution-ews":"3.34.4-3.3.1","evolution-ews-lang":"3.34.4-3.3.1","libcamel-1_2-62":"3.34.4-3.3.1","libebackend-1_2-10":"3.34.4-3.3.1","libebook-1_2-20":"3.34.4-3.3.1","libebook-contacts-1_2-3":"3.34.4-3.3.1","libecal-2_0-1":"3.34.4-3.3.1","libedata-book-1_2-26":"3.34.4-3.3.1","libedata-cal-2_0-1":"3.34.4-3.3.1","libedataserver-1_2-24":"3.34.4-3.3.1","libedataserverui-1_2-2":"3.34.4-3.3.1","typelib-1_0-Camel-1_2":"3.34.4-3.3.1","typelib-1_0-EBook-1_2":"3.34.4-3.3.1","typelib-1_0-EBookContacts-1_2":"3.34.4-3.3.1","typelib-1_0-ECal-2_0":"3.34.4-3.3.1","typelib-1_0-EDataServer-1_2":"3.34.4-3.3.1","typelib-1_0-EDataServerUI-1_2":"3.34.4-3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP2","name":"evolution-ews","purl":"pkg:rpm/suse/evolution-ews&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.34.4-3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for evolution-data-server fixes the following issues:\n\n- CVE-2020-16117: Fix crash on malformed server response with minimal capabilities (bsc#1174712).\n- CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 (bsc#1173910).\n- Fix buffer overrun when parsing base64 data (bsc#1182882).\n\nThis update for evolution-ews fixes the following issue:\n\n- Fix buffer overrun when parsing base64 data (bsc#1182882).\n","id":"SUSE-SU-2021:0949-1","modified":"2021-03-24T13:32:06Z","published":"2021-03-24T13:32:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20210949-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173910"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174712"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182882"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14928"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16117"}],"related":["CVE-2020-14928","CVE-2020-16117"],"summary":"Security update for evolution-data-server","upstream":["CVE-2020-14928","CVE-2020-16117"]}