LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2008-4990 (evolution)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 9 Update: evolution-2.22.2-2.fc9


Date:
    	      Fri, 06 Jun 2008 07:48:27 +0000


Message-ID:
    	      <200806060747.m567lk8g016011@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-4990
2008-06-06 04:05:24
--------------------------------------------------------------------------------

Name        : evolution
Product     : Fedora 9
Version     : 2.22.2
Release     : 2.fc9
URL         : http://www.gnome.org/projects/evolution/
Summary     : GNOME's next-generation groupware suite
Description :
Evolution is the GNOME mailer, calendar, contact manager and
communications tool.  The components which make up Evolution
are tightly integrated with one another and act as a seamless
personal information-management tool.

--------------------------------------------------------------------------------
Update Information:

Fix two buffer overflows in iCalendar .ics file fromat support discovered and
reported by Alin Rad Pop of the Secunia Research: CVE-2008-1108, CVE-2008-1109,
SA30298    See referenced bugzilla bugs or Secunia advisories for further
details:    http://secunia.com/advisories/30298
http://secunia.com/secunia_research/2008-22/advisory/
http://secunia.com/secunia_research/2008-23/advisory/
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun  4 2008 Matthew Barnes <mbarnes@redhat.com> - 2.22.2-2.fc9
- Add patches for RH bug #449924 (buffer overflow vulnerabilities).
* Mon May 26 2008 Matthew Barnes <mbarnes@redhat.com> - 2.22.2-1.fc9
- Update to 2.22.2
* Fri May  2 2008 Matthew Barnes <mbarnes@redhat.com> - 2.22.1.1-1.fc9
- Update to 2.22.1.1
- Remove patch for RH bug #437208 (fixed upstream).
- Remove patch for GNOME bug #524121 (fixed upstream).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #448540 - CVE-2008-1108 evolution: iCalendar buffer overflow via large timezone
specification
        https://bugzilla.redhat.com/show_bug.cgi?id=448540
  [ 2 ] Bug #448541 - CVE-2008-1109 evolution: iCalendar buffer overflow via large description
parameter
        https://bugzilla.redhat.com/show_bug.cgi?id=448541
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update evolution' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds