evolution 2.22.2-0ubuntu1.2 source package in Ubuntu
Changelog
evolution (2.22.2-0ubuntu1.2) hardy-security; urgency=low
* SECURITY UPDATE: buffer overflow via timezone data in crafted ical
attachments
* debian/patches/99_00_CVE-2008-1108.patch: adjust
calendar/gui/e-itip-control.c to use a GString rather than a fixed-size
buffer to build the HTML string to avoid the possibility of an overflow.
* SECURITY UPDATE: heap-based overflow via crafted ical attachments with
long DESCRIPTION
* debian/patches/99_01_CVE-2008-1109.patch: adjust calendar/gui/itip-utils.c
to not use a fixed-size buffer for parsing external data. Simplify the
logic to just split and rejoin the string with a different line separator.
* SECURITY UPDATE: remotely triggered denial of service
* debian/patches/99_02_bug535459.patch: add sanity checks and don't use
component when checks fail in plugins/itip-formatter.c, gui/itip-utils.h,
gui/itip-utils.c, gui/e-itip-control.c
* References
CVE-2008-1108
CVE-2008-1109
http://bugzilla.gnome.org/show_bug.cgi?id=535459
-- Jamie Strandboge <email address hidden> Thu, 05 Jun 2008 06:34:50 -0400
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Hardy
- Original maintainer:
- Ubuntu Desktop
- Architectures:
- any
- Section:
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| evolution_2.22.2.orig.tar.gz | 35.4 MiB | d3808277aee0e1d5c34d623e0bacd0c479d36c9836db81d6ed9ff639a8f0378b |
| evolution_2.22.2-0ubuntu1.2.diff.gz | 44.4 KiB | 96f89c238a7227def93404f119a98593bc37c2b2e539578122fa5217126f78c3 |
| evolution_2.22.2-0ubuntu1.2.dsc | 2.1 KiB | fa2e6ca34b9df96bb0ef660db43a944a878da2cc150574640246f41779c06761 |
Available diffs
Binary packages built by this source
- evolution: No summary available for evolution in ubuntu hardy.
No description available for evolution in ubuntu hardy.
- evolution-common: No summary available for evolution-common in ubuntu hardy.
No description available for evolution-common in ubuntu hardy.
- evolution-dbg: No summary available for evolution-dbg in ubuntu hardy.
No description available for evolution-dbg in ubuntu hardy.
- evolution-dev: No summary available for evolution-dev in ubuntu hardy.
No description available for evolution-dev in ubuntu hardy.
- evolution-plugins: No summary available for evolution-plugins in ubuntu hardy.
No description available for evolution-plugins in ubuntu hardy.
- evolution-plugins-experimental: No summary available for evolution-plugins-experimental in ubuntu hardy.
No description available for evolution-
plugins- experimental in ubuntu hardy.
