| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Fedora alert FEDORA-2008-2292 (evolution)
| From: | updates@fedoraproject.org | |
| To: | fedora-package-announce@redhat.com | |
| Subject: | [SECURITY] Fedora 8 Update: evolution-2.12.3-3.fc8 | |
| Date: | Thu, 06 Mar 2008 16:38:34 +0000 | |
| Message-ID: | <200803061639.m26GdalG013392@bastion.fedora.phx.redhat.com> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2292 2008-03-06 16:13:13 -------------------------------------------------------------------------------- Name : evolution Product : Fedora 8 Version : 2.12.3 Release : 3.fc8 URL : http://www.gnome.org/projects/evolution/ Summary : GNOME's next-generation groupware suite Description : Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool. -------------------------------------------------------------------------------- Update Information: Ulf H?hammar of Secunia Research discovered a format string flaw in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2008 Matthew Barnes <mbarnes@redhat.com> - 2.12.3-3.fc8 - Add patch for CVE-2008-0072 (format string vulnerability). * Mon Mar 3 2008 Milan Crha <mcrha@redhat.com> - 2.12.3-2.fc8 - Add patch for GNOME bug #351672 (dragging IMAP messages locks X) * Mon Jan 7 2008 Milan Crha <mcrha@redhat.com> - 2.12.3-1.fc8 - Update to 2.12.3 - Removed patch for RH bug #215467 / GNOME bug #380644 (fixed upstream). - Removed patch for RH bug #404591 / GNOME bug #491062 (fixed upstream). - Removed patch for RH bug #499920 (fixed upstream). - Removed patch for GNOME bug #363695 (causes issues) * Thu Dec 6 2007 Matthew Barnes <mbarnes@redhat.com> - 2.12.2-3.fc8 - Add patch for GNOME bug #499920 (invalid #include, mainly for Zimbra). * Thu Nov 29 2007 Milan Crha <mcrha@redhat.com> - 2.12.2-2.fc8 - Add patch for RH bug #404591 (do not add automatic contacts if disabled) * Tue Nov 27 2007 Milan Crha <mcrha@redhat.com> - 2.12.2-1.fc8 - Update to 2.12.2 * Fri Nov 16 2007 Milan Crha <mcrha@redhat.com> - 2.12.1-4.fc8 - Add patch for GNOME bug #454465 (fix Save button in task dialog) -------------------------------------------------------------------------------- References: [ 1 ] Bug #435759 - CVE-2008-0072 Evolution format string flaw https://bugzilla.redhat.com/show_bug.cgi?id=435759 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update evolution' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)