Bug 262555 (CVE-2009-0587) - <gnome-extra/evolution-data-server-2.24.5 Multiple integer overflows (CVE-2009-0587)
Alias: CVE-2009-0587
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B4 [ebuild]
Depends on:
Blocks: CVE-2009-0582
Reported: 2009-03-15 12:17 UTC by Stefan Behte (RETIRED)
Modified: 2009-03-16 23:12 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-03-15 12:17:40 UTC
CVE-2009-0587 (
  Multiple integer overflows in Evolution Data Server (aka
  evolution-data-server) before 2.24.5 allow context-dependent
  attackers to execute arbitrary code via a long string that is
  converted to a base64 representation in (1)
  addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c
  in libcamel.
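
The bug class named in the CVE text above, shown as an added example (not code from evolution-data-server or from this bug report): a base64 output size computed in 32-bit arithmetic wraps for a long input, while a checked calculation rejects it. All function names here are hypothetical, and the 32-bit size type is an assumption made so the wrap is reproducible on any platform.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Unchecked sizing in 32-bit arithmetic (constructed to show the bug class;
 * not copied from evolution-data-server). len * 4 wraps modulo 2^32. */
static uint32_t b64_size_unchecked(uint32_t len)
{
    return len * 4u / 3u + 5u;
}

/* Checked sizing: 4 output bytes per 3-byte group plus a NUL, or false
 * when the result does not fit the 32-bit size type modelled here. */
static bool b64_size_checked(uint32_t len, uint32_t *out)
{
    uint32_t groups = len / 3u + (len % 3u != 0); /* ceil(len / 3), cannot wrap */
    if (groups > (UINT32_MAX - 1u) / 4u)
        return false;
    *out = groups * 4u + 1u;
    return true;
}

/* Encoder that refuses oversized input instead of under-allocating. */
static char *b64_encode(const unsigned char *in, uint32_t len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t size, i, o = 0;
    char *out;

    if (!b64_size_checked(len, &size) || (out = malloc(size)) == NULL)
        return NULL;
    for (i = 0; i < len; i += 3) {
        uint32_t rem = len - i;              /* bytes left in this group */
        uint32_t v = (uint32_t)in[i] << 16;
        if (rem > 1) v |= (uint32_t)in[i + 1] << 8;
        if (rem > 2) v |= in[i + 2];
        out[o++] = tbl[v >> 18];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = rem > 1 ? tbl[(v >> 6) & 63] : '=';
        out[o++] = rem > 2 ? tbl[v & 63] : '=';
    }
    out[o] = '\0';
    return out;
}
```

With the unchecked formula, a 1 GiB input yields a 5-byte allocation, so the encoder would write far past the buffer; the checked path either returns the true size or fails cleanly.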
Comment 2 Gilles Dartiguelongue (RETIRED) gentoo-dev 2009-03-16 22:25:40 UTC
I couldn't find any reference to the code in those patches in either 2.22.3-r2 or 2.24.5-r2, am I missing something or is it referring to only 2.24 series that we won't stabilize?
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-03-16 23:12:20 UTC
The version numbers in the CVE entry (and in the oCert advisory) are misleading. This has been fixed since at least EDS 2.21.1 as can be seen in the changelog entries:

2007-09-27 Matthew Barnes <>

	** Fixes part of bug #474000

	* tests/ebook/test-photo.c (main):
	Use GLib's Base64 API instead of EVCard's.

2007-09-27 Matthew Barnes <>

	** Fixes part of bug #474000

	* camel-mime-utils.c:
	* camel-mime-utils.h:
	Deprecate Camel's Base64 API and make the functions thin wrappers
	for GLib's Base64 API.

	* camel-multipart.c (set_boundary):
	* camel-vee-folder.c (camel_vee_folder_hash_folder):
	* camel-mime-filter-basic.c (complete):
	* camel-sasl-digest-md5.c (generate_response):
	* camel-http-stream.c (camel_http_stream_set_proxy):
	* camel-sasl.c (camel_sasl_challenge_base64):
	Use GLib's Base64 API instead of Camel's.