Bug 262555 (CVE-2009-0587)

Comment 1 Stefan Behte (RETIRED) 2009-03-15 12:44:00 UTC

Patches: 

http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff
http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff

Comment 2 Gilles Dartiguelongue (RETIRED) 2009-03-16 22:25:40 UTC

I couldn't find any reference to the code in those patches in either 2.22.3-r2 or 2.24.5-r2, am I missing something or is it refering to only 2.24 series that we won't stabilize ?

Comment 3 Robert Buchholz (RETIRED) 2009-03-16 23:12:20 UTC

The version numbers in the CVE entry (and in the oCert advisory) are misleading. This has been fixed since at least EDS 2.21.1 as can be seen in the changelog entries:

http://svn.gnome.org/viewvc/evolution-data-server/tags/EVOLUTION_DATA_SERVER_2_21_1/addressbook/ChangeLog?revision=8170&view=markup&sortby=rev


67 	2007-09-27 Matthew Barnes <mbarnes@redhat.com>
68 	
69 	** Fixes part of bug #474000
70 	
71 	* tests/ebook/test-photo.c (main):
72 	Use GLib's Base64 API instead of EVCard's.

http://svn.gnome.org/viewvc/evolution-data-server/tags/EVOLUTION_DATA_SERVER_2_21_1/camel/ChangeLog?revision=8170&view=markup&sortby=rev

53 	2007-09-27 Matthew Barnes <mbarnes@redhat.com>
54 	
55 	** Fixes part of bug #474000
56 	
57 	* camel-mime-utils.c:
58 	* camel-mime-utils.h:
59 	Deprecate Camel's Base64 API and make the functions thin wrappers
60 	for GLib's Base64 API.
61 	
62 	* camel-multipart.c (set_boundary):
63 	* camel-vee-folder.c (camel_vee_folder_hash_folder):
64 	* camel-mime-filter-basic.c (complete):
65 	* camel-sasl-digest-md5.c (generate_response):
66 	* camel-http-stream.c (camel_http_stream_set_proxy):
67 	* camel-sasl.c (camel_sasl_challenge_base64):
68 	Use GLib's Base64 API instead of Camel's.