{"id":"DEBIAN-CVE-2013-4166","details":"The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.","modified":"2026-04-28T20:10:23.918494Z","published":"2020-02-06T15:15:10.310Z","upstream":["CVE-2013-4166"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2013-4166"}],"affected":[{"package":{"name":"evolution","ecosystem":"Debian:11","purl":"pkg:deb/debian/evolution?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.38.3-1","3.38.3-1+deb11u1","3.38.3-1+deb11u2","3.38.3-1+deb11u3","3.39.2-1","3.39.3-1","3.40.0-1","3.40.1-1","3.40.2-1","3.40.4-1","3.42.0-1","3.42.0-2","3.42.1-1","3.42.2-1","3.42.3-1","3.42.4-1","3.43.2-1","3.43.2-2","3.43.3-1","3.44.0-1","3.44.0-2","3.44.1-1","3.44.1-2","3.44.2-1","3.44.3-1","3.44.3-2","3.44.4-1","3.45.2-1","3.45.2-2","3.45.3-1","3.45.3-2","3.46.0-1","3.46.0-2","3.46.1-1","3.46.2-1","3.46.3-1","3.46.4-1","3.46.4-2","3.47.2-1","3.47.3-1","3.48.0-1","3.48.1-1","3.48.2-1","3.48.3-1","3.48.4-1","3.49.2-1","3.49.2-2","3.49.2-3","3.49.3-1","3.50.0-1","3.50.1-1","3.50.2-1","3.50.3-1","3.51.2-1","3.52.0-1","3.52.1-1","3.52.1-2","3.52.1-3","3.52.1-4","3.52.2-1","3.52.2-2","3.52.3-1","3.53.2-1","3.53.3-1","3.54.0-1","3.54.1-1","3.54.2-1","3.54.3-1","3.54.3-2","3.55.1-1","3.55.1-2","3.55.2-1","3.55.3-1","3.56.0-1","3.56.1-1","3.56.2-1","3.56.2-2","3.56.2-3","3.56.2-4","3.56.2-5","3.56.2-7","3.56.2-8","3.56.2-9"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2013-4166.json"}},{"package":{"name":"evolution","ecosystem":"Debian:12","purl":"pkg:deb/debian/evolution?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.46.4-2","3.46.4-2+deb12u1","3.47.2-1","3.47.3-1","3.48.0-1","3.48.1-1","3.48.2-1","3.48.3-1","3.48.4-1","3.49.2-1","3.49.2-2","3.49.2-3","3.49.3-1","3.50.0-1","3.50.1-1","3.50.2-1","3.50.3-1","3.51.2-1","3.52.0-1","3.52.1-1","3.52.1-2","3.52.1-3","3.52.1-4","3.52.2-1","3.52.2-2","3.52.3-1","3.53.2-1","3.53.3-1","3.54.0-1","3.54.1-1","3.54.2-1","3.54.3-1","3.54.3-2","3.55.1-1","3.55.1-2","3.55.2-1","3.55.3-1","3.56.0-1","3.56.1-1","3.56.2-1","3.56.2-2","3.56.2-3","3.56.2-4","3.56.2-5","3.56.2-7","3.56.2-8","3.56.2-9"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2013-4166.json"}},{"package":{"name":"evolution","ecosystem":"Debian:13","purl":"pkg:deb/debian/evolution?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.56.1-1","3.56.1-1+deb13u1","3.56.2-0+deb13u1","3.56.2-1","3.56.2-2","3.56.2-3","3.56.2-4","3.56.2-5","3.56.2-7","3.56.2-8","3.56.2-9"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2013-4166.json"}},{"package":{"name":"evolution","ecosystem":"Debian:14","purl":"pkg:deb/debian/evolution?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.56.1-1","3.56.2-1","3.56.2-2","3.56.2-3","3.56.2-4","3.56.2-5","3.56.2-7","3.56.2-8","3.56.2-9"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2013-4166.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}