CVE-2008-1108
Published: 4 June 2008
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.
Notes
Author | Note |
---|---|
jdstrand | redhat has patches for 2.12, 1,4,5, 2.0.2, 2.8; requires ITIP formatter to be disabled (it is enabled by default); testing revealed http://bugzilla.gnome.org/show_bug.cgi?id=535459 (another crasher) |
Priority
Status
Package | Release | Status |
---|---|---|
evolution | dapper | Released (2.6.1-0ubuntu7.4) |
evolution | feisty | Released (2.10.1-0ubuntu2.4) |
evolution | gutsy | Released (2.12.1-0ubuntu1.3) |
evolution | hardy | Released (2.22.2-0ubuntu1.2) |
evolution | upstream | Needs triage |

Patches
other: http://svn.gnome.org/viewvc/evolution?view=revision&revision=35595
vendor: https://rhn.redhat.com/errata/RHSA-2008-0514.html