Bugzilla – Bug 896679
VUL-0: CVE-2014-5444: geary: Update Geary to latest stable - securityfix included.
Last modified: 2014-09-28 10:04:41 UTC
Latest stable (0.6.3) Geary have a security fix that we should have. I've not yet been "notified" but I have reason to belive that this is CVE-2014-5444 See http://pkgs.fedoraproject.org/cgit/geary.git/commit/?id=02d24b2f4780b262808eca6064eadaf0d75039d2 and https://wiki.gnome.org/Apps/Geary News Geary 0.6.3 (stable) has been released with important security fix. Yorba highly recommends all 0.6 users upgrade to this release. 0.6.3 is already packaged in Gnome:Apps, and up to date in Factory.
if you want to, you can update the version
Great, the. But do we have a way to verify the cve ref?
redhat usually does correct assignments. it is weird that the CVE is not yet public in their bugzilla, so wait perhaps some days.
It's public over at ubuntu https://bugs.launchpad.net/ubuntu/+source/geary/+bug/1364682 MR#249394 done.
This is an autogenerated message for OBS integration: This bug (896679) was mentioned in https://build.opensuse.org/request/show/249394 13.1 / geary
bugbot adjusting priority
released
openSUSE-SU-2014:1225-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 896679 CVE References: CVE-2014-5444 Sources used: openSUSE 13.1 (src): geary-0.6.3-3.10.1