Summary: | mail-client/evolution CAN-2005-0102: Arbitrary code execution | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | major | CC: | dercorny, liquidx, obz | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
URL: | http://www.ubuntulinux.org/support/documentation/usn/usn-69-1 | ||||||
Whiteboard: | A2 [glsa] jaervosz | ||||||
Package list: | Runtime testing required: | --- | |||||
Bug Depends on: | 76251 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-01-23 02:35:59 UTC
Created attachment 49262 [details, diff]
CAN-2005-0102.patch
Alastair/Mike please provide an updated ebuild. There are two new ebuilds that include the patch - 2.0.2-r1 and 2.0.3-r1. Currently, the keywords for evolution are as follows: evolution-2.0.2.ebuild:KEYWORDS="x86 amd64 ppc sparc hppa ia64 ~mips alpha" evolution-2.0.2-r1.ebuild:KEYWORDS="x86 ~amd64 ppc ~sparc ~hppa ~ia64 ~mips ~alpha" evolution-2.0.3.ebuild:KEYWORDS="~x86 ~amd64 ~ppc ~sparc ~hppa ~ia64 ~mips ~alpha" evolution-2.0.3-r1.ebuild:KEYWORDS="~x86 ~amd64 ~ppc ~sparc ~hppa ~ia64 ~mips ~alpha" If all archs could please mark evolution-2.0.2-r1 stable now, and move to evolution-2.0.3-r1 as per usual. Opening bug. Arches please test and mark stable. closing again. Calling individual testers in a moment. Sorry for the arch noise. This is still only semi-public. Arches please test and mark 2.0.2-r1 stable: amd64 -> slarti sparc -> gustavoz hppa -> gmsoft ia64 -> agriffis alpha -> kloeri AMD64 done, thanks. [ebuild NS ] mail-client/evolution-2.0.3-r1 +crypt -debug -doc -ipv6 -kerberos +ldap +mozilla -nntp -pda +spell +ssl 0 kB Fails to build here with * Scanning for a open DISPLAY to start Xvfb ... * * Unable to start Xvfb. * * '/usr/X11R6/bin/Xvfb :17 -screen 0 800x600x24' returns: * /var/cvsroot/gentoo-x86//eclass/virtualx.eclass: line 71: /usr/X11R6/bin/Xvfb: No such file or directory * * If possible, correct the above error and try your emerge again. * -------------------------------------------------------------------- I do not have or use framebuffer support. adding liquidx@ to the CC: as he is the listed maintainer. Removing liquidx. According to Obz he's no longer maintaining this. Obz please update metadata.xml and advise on current ebuild. Solar see bug 76251 , regarding USE="minimal" xorg-x11 installs, somehow I missed it because it's assigned to azarah. Ccing DerCorny for the GLSA draft Public, since Ubuntu leaked it. 2.0.2-r1 stable on sparc. sorry for the delay, but i usually lack X access to sparc during weekends. Alpha stable. GLSA 200501-35 hppa/ia64: please mark stable to benefit from GLSA. Thanks to DerCorny for the draft. Already stable on hppa. ebuild no longer in portage. |