| Summary: | mail-client/evolution format string error (CVE-2007-1002) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> | ||||
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | major | CC: | gnome-office+disabled, liquidx | ||||
| Priority: | High | ||||||
| Version: | unspecified | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | A2 [glsa] | ||||||
| Package list: | Runtime testing required: | --- | |||||
| Bug Depends on: | 171107 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2007-03-14 14:05:21 UTC
Btw please credit Ulf Härnhammar,Secunia. Created attachment 113257 [details, diff]
evo.diff
Patch by Harish Krishnaswamy, SUSE
Thanks for the report, but if we CC the maintainer this will certainly be better :) *** Bug 171679 has been marked as a duplicate of this bug. *** Thank you for report Sune. But I have a question. Where did you get the patch from? Looking in upstream CVS I found the following commit to fix this issue: http://svn.gnome.org/viewcvs/evolution/branches/gnome-2-18/calendar/gui/e-cal-component-memo-preview.c?r1=33312&r2=33343 Also ubuntu patch which I got from http://secunia.com/advisories/24651 has the same fix. This is fixed in >=evolution-2.8.3-r2 which should be stabilized together with gnome-2.16.3. evolution-2.8.3-r2 is stable on all supported arches now. GLSA 200706-02, thanks verybody |