{"affected":[{"ecosystem_specific":{"binaries":[{"libcamel-1_2-57":"3.20.6-17.3.1","libedataserver-1_2-21":"3.20.6-17.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP5","name":"evolution-data-server","purl":"pkg:rpm/suse/evolution-data-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.20.6-17.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for evolution-data-server fixes the following issues:\n\n- Fix buffer overrun when parsing base64 data (bsc#1182882).\n- CVE-2020-16117: Fix crash on malformed server response with minimal capabilities (bsc#1174712).\n- CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 (bsc#1173910).\n","id":"SUSE-SU-2021:0885-1","modified":"2021-03-19T14:48:30Z","published":"2021-03-19T14:48:30Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20210885-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173910"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174712"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182882"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14928"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16117"}],"related":["CVE-2020-14928","CVE-2020-16117"],"summary":"Security update for evolution-data-server","upstream":["CVE-2020-14928","CVE-2020-16117"]}