CVE-2008-1109
Published: 4 June 2008
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
Notes
Author | Note |
---|---|
jdstrand | redhat has patches for 2.12, 1,4,5, 2.0.2, 2.8 |
Priority
Status
Package | Release | Status |
---|---|---|
evolution (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
evolution | dapper | Released (2.6.1-0ubuntu7.4) |
evolution | feisty | Released (2.10.1-0ubuntu2.4) |
evolution | gutsy | Released (2.12.1-0ubuntu1.3) |
evolution | hardy | Released (2.22.2-0ubuntu1.2) |

Patches:
other: http://svn.gnome.org/viewvc/evolution?view=revision&revision=35595
vendor: https://rhn.redhat.com/errata/RHSA-2008-0514.html