PublicDate: 2008-06-04 20:32:00 UTC
Candidate: CVE-2008-1108
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1108
 https://ubuntu.com/security/notices/USN-615-1
Description:
 Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is
 disabled, allows remote attackers to execute arbitrary code via a long
 timezone string in an iCalendar attachment.
Ubuntu-Description:
Notes:
 jdstrand> redhat has patches for 2.12, 1,4,5, 2.0.2, 2.8
 jdstrand> requires ITIP formatter to be disabled (it is enabled by default)
 jdstrand> testing revealed http://bugzilla.gnome.org/show_bug.cgi?id=535459
  (another crasher)
Bugs:
Priority: medium
Discovered-by: Alin Rad Pop
Assigned-to: jdstrand
CVSS:

Patches_evolution:
 other: http://svn.gnome.org/viewvc/evolution?view=revision&revision=35595
 vendor: https://rhn.redhat.com/errata/RHSA-2008-0514.html
upstream_evolution: needs-triage
dapper_evolution: released (2.6.1-0ubuntu7.4)
feisty_evolution: released (2.10.1-0ubuntu2.4)
gutsy_evolution: released (2.12.1-0ubuntu1.3)
hardy_evolution: released (2.22.2-0ubuntu1.2)
devel_evolution: released (2.23.3.1-0ubuntu1)