CVE-2008-1109

Publication date 4 June 2008

Last updated 24 July 2024

Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
evolution	8.04 LTS hardy	Fixed 2.22.2-0ubuntu1.2
	7.10 gutsy	Fixed 2.12.1-0ubuntu1.3
	7.04 feisty	Fixed 2.10.1-0ubuntu2.4
	6.06 LTS dapper	Fixed 2.6.1-0ubuntu7.4

Notes

jdstrand

redhat has patches for 2.12, 1,4,5, 2.0.2, 2.8

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
evolution	Other: http://svn.gnome.org/viewvc/evolution?view=revision&revision=35595 Vendor: https://rhn.redhat.com/errata/RHSA-2008-0514.html

CVE-2008-1109

Status

Notes

jdstrand

Patch details

References

Related Ubuntu Security Notices (USN)

Other references