Ubuntu
evolution package

evolution 2.6.1-0ubuntu7.4 source package in Ubuntu

Changelog

evolution (2.6.1-0ubuntu7.4) dapper-security; urgency=low

  * SECURITY UPDATE: buffer overflow via timezone data in crafted ical
    attachments
  * debian/patches/99_01_CVE-2008-1108.patch: adjust
    calendar/gui/e-itip-control.c to use a GString rather than a fixed-size
    buffer to build the HTML string to avoid the possibility of an overflow.
  * SECURITY UPDATE: heap-based overflow via crafted ical attachments with
    long DESCRIPTION
  * debian/patches/99_02_CVE-2008-1109.patch: adjust calendar/gui/itip-utils.c
    to not use a fixed-size buffer for parsing external data. Simplify the
    logic to just split and rejoin the string with a different line separator.
  * SECURITY UPDATE: remotely triggered denial of service
  * debian/patches/99_03_bug535459.patch: add sanity checks and don't use
    component when checks fail in plugins/itip-formatter.c, gui/itip-utils.h,
    gui/itip-utils.c, gui/e-itip-control.c
  * References
    CVE-2008-1108
    CVE-2008-1109
    http://bugzilla.gnome.org/show_bug.cgi?id=535459

 -- Jamie Strandboge <email address hidden>   Thu, 05 Jun 2008 07:46:48 -0400

Upload details

Uploaded by:
Jamie Strandboge
Uploaded to:
Dapper
Original maintainer:
Debian Evolution Maintainers
Architectures:
any
Section:
mail
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
evolution_2.6.1.orig.tar.gz 16.2 MiB 3580a4c876a8fb801f399d635935bac4cf4b0ff5b2dfe4515f712dc264a114b5
evolution_2.6.1-0ubuntu7.4.diff.gz 202.7 KiB 53fa61bab1c92dc6612001ded88bcd9ee9a8cbd08d32fe422df6735dca9ccb0e
evolution_2.6.1-0ubuntu7.4.dsc 1.4 KiB 36ae2696517c39a2ac043a8fefe073b6637af396d064e289da13bed119e8dc06

View changes file

Binary packages built by this source

evolution: No summary available for evolution in ubuntu dapper.

No description available for evolution in ubuntu dapper.

evolution-dbg: No summary available for evolution-dbg in ubuntu dapper.

No description available for evolution-dbg in ubuntu dapper.

evolution-dev: No summary available for evolution-dev in ubuntu dapper.

No description available for evolution-dev in ubuntu dapper.

evolution-plugins: No summary available for evolution-plugins in ubuntu dapper.

No description available for evolution-plugins in ubuntu dapper.