Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 170879 - mail-client/evolution format string error (CVE-2007-1002)
Summary: mail-client/evolution format string error (CVE-2007-1002)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
: 171679 (view as bug list)
Depends on: 171107
Blocks:
  Show dependency tree
 
Reported: 2007-03-14 14:05 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2007-06-06 21:00 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
evo.diff (evo.diff,1.34 KB, patch)
2007-03-14 14:08 UTC, Sune Kloppenborg Jeppesen (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-14 14:05:21 UTC
A format string error in the "write_html()" function in calendar/gui/e-
cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially
crafted shared memo containing format specifiers.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-14 14:06:48 UTC
Btw please credit Ulf Härnhammar,Secunia.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-14 14:08:11 UTC
Created attachment 113257 [details, diff]
evo.diff

Patch by Harish Krishnaswamy, SUSE
Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-03-15 21:15:16 UTC
Thanks for the report, but if we CC the maintainer this will certainly be better :)
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-25 06:54:14 UTC
*** Bug 171679 has been marked as a duplicate of this bug. ***
Comment 5 Peter Volkov (RETIRED) gentoo-dev 2007-04-01 18:07:13 UTC
Thank you for report Sune. But I have a question. Where did you get the patch from? Looking in upstream CVS I found the following commit to fix this issue:

http://svn.gnome.org/viewcvs/evolution/branches/gnome-2-18/calendar/gui/e-cal-component-memo-preview.c?r1=33312&r2=33343

Also ubuntu patch which I got from http://secunia.com/advisories/24651 has the same fix.
Comment 6 Peter Volkov (RETIRED) gentoo-dev 2007-04-22 09:50:31 UTC
This is fixed in >=evolution-2.8.3-r2 which should be stabilized together with gnome-2.16.3.
Comment 7 Mart Raudsepp gentoo-dev 2007-06-02 03:08:32 UTC
evolution-2.8.3-r2 is stable on all supported arches now.
Comment 8 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-06-06 21:00:02 UTC
GLSA 200706-02, thanks verybody