Bug 170879 - mail-client/evolution format string error (CVE-2007-1002)
Bug#: 170879 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: major Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL: 
Summary: mail-client/evolution format string error (CVE-2007-1002)
Keywords:  
Status Whiteboard: A2 [glsa]
Opened: 2007-03-14 14:05 0000
Description:   Opened: 2007-03-14 14:05 0000 
A format string error in the "write_html()" function in calendar/gui/e-
cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially
crafted shared memo containing format specifiers.

------- Comment #1 From Sune Kloppenborg Jeppesen 2007-03-14 14:06:48 0000 ------- 
Btw please credit Ulf Härnhammar,Secunia.

------- Comment #2 From Sune Kloppenborg Jeppesen 2007-03-14 14:08:11 0000 ------- 
Created an attachment (id=113257) [details]
evo.diff

Patch by Harish Krishnaswamy, SUSE

------- Comment #3 From Raphael Marichez 2007-03-15 21:15:16 0000 ------- 
Thanks for the report, but if we CC the maintainer this will certainly be
better :)

------- Comment #4 From Sune Kloppenborg Jeppesen 2007-03-25 06:54:14 0000 ------- 
*** Bug 171679 has been marked as a duplicate of this bug. ***

------- Comment #5 From Peter Volkov 2007-04-01 18:07:13 0000 ------- 
Thank you for report Sune. But I have a question. Where did you get the patch
from? Looking in upstream CVS I found the following commit to fix this issue:

http://svn.gnome.org/viewcvs/evolution/branches/gnome-2-18/calendar/gui/e-cal-component-memo-preview.c?r1=33312&r2=33343

Also ubuntu patch which I got from http://secunia.com/advisories/24651 has the
same fix.

------- Comment #6 From Peter Volkov 2007-04-22 09:50:31 0000 ------- 
This is fixed in >=evolution-2.8.3-r2 which should be stabilized together with
gnome-2.16.3.

------- Comment #7 From Mart Raudsepp 2007-06-02 03:08:32 0000 ------- 
evolution-2.8.3-r2 is stable on all supported arches now.

------- Comment #8 From Raphael Marichez 2007-06-06 21:00:02 0000 ------- 
GLSA 200706-02, thanks verybody