CVE-2008-1108

Publication date 4 June 2008

Last updated 24 July 2024


Ubuntu priority

Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

Read the notes from the security team

Status

Package Ubuntu Release Status
evolution 8.04 LTS hardy
Fixed 2.22.2-0ubuntu1.2
7.10 gutsy
Fixed 2.12.1-0ubuntu1.3
7.04 feisty
Fixed 2.10.1-0ubuntu2.4
6.06 LTS dapper
Fixed 2.6.1-0ubuntu7.4

Notes


jdstrand

redhat has patches for 2.12, 1,4,5, 2.0.2, 2.8 requires ITIP formatter to be disabled (it is enabled by default) testing revealed http://bugzilla.gnome.org/show_bug.cgi?id=535459 (another crasher)

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
evolution

References

Related Ubuntu Security Notices (USN)

    • USN-615-1
    • Evolution vulnerabilities
    • 6 June 2008

Other references