A format string error in the "write_html()" function in calendar/gui/e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers.
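An added illustration of the bug class in this report, not Evolution's own write_html(): the function names, the HTML skeleton and the sample category string below are constructed for the example. The unsafe variant hands the memo's category text to a printf-family function as the format argument; the fixed variant passes the same text only ever as a "%s" argument. The probe uses "%%" because that is the one directive with defined behaviour; a real "%n" on the unsafe path is what the advisory is about.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical stand-in for a memo preview's "Categories" line.
 * NOT the Evolution code; only the shape of the bug and its fix matter.
 */

/* Vulnerable shape: the untrusted category text IS the format string.
 * Any conversion directive in it ("%x", "%s", "%n") is interpreted against
 * arguments that were never passed: undefined behaviour, which is how a
 * crafted shared memo reaches arbitrary code execution. Only "%%" has a
 * defined result, so that is what the demo below feeds it. */
int categories_to_html_unsafe(char *out, size_t outlen, const char *categories)
{
    char line[256];
    snprintf(line, sizeof line, categories);     /* BUG: non-literal format */
    return snprintf(out, outlen, "<b>Categories:</b> %s", line);
}

/* Fixed shape: literal format string, untrusted text only as a %s argument. */
int categories_to_html_safe(char *out, size_t outlen, const char *categories)
{
    return snprintf(out, outlen, "<b>Categories:</b> %s", categories);
}

/* Triage heuristic (added here, assumption): does the untrusted text carry a
 * conversion directive, i.e. a '%' that is not the literal escape "%%"? */
int has_conversion_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {          /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample category name containing "%%" as a safe probe. */
    const char *probe = "Work 100%%";
    char unsafe_out[512], safe_out[512];

    categories_to_html_unsafe(unsafe_out, sizeof unsafe_out, probe);
    categories_to_html_safe(safe_out, sizeof safe_out, probe);

    printf("unsafe: %s\n", unsafe_out);   /* "... Work 100%": text was interpreted */
    printf("safe:   %s\n", safe_out);     /* "... Work 100%%": shown verbatim */
    printf("\"%%s%%s%%n\" carries a conversion directive: %d\n",
           has_conversion_directive("%s%s%n"));
    return 0;
}
```

The difference in output is the whole diagnosis: if the percent sign count changes between input and rendered text, the text is being consumed as a format string. Building with -Wformat-security (or -Wformat-nonliteral) flags the unsafe call at compile time.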
Btw please credit Ulf Härnhammar, Secunia.
Created attachment 113257: evo.diff (patch by Harish Krishnaswamy, SUSE)
Thanks for the report, but if we CC the maintainer this will certainly be better :)
*** Bug 171679 has been marked as a duplicate of this bug. ***
Thank you for the report, Sune. But I have a question. Where did you get the patch from? Looking in upstream CVS I found the following commit to fix this issue: http://svn.gnome.org/viewcvs/evolution/branches/gnome-2-18/calendar/gui/e-cal-component-memo-preview.c?r1=33312&r2=33343 Also, the Ubuntu patch which I got from http://secunia.com/advisories/24651 has the same fix.
This is fixed in >=evolution-2.8.3-r2 which should be stabilized together with gnome-2.16.3.
evolution-2.8.3-r2 is stable on all supported arches now.
GLSA 200706-02, thanks everybody