[SECURITY] Fedora 8 Update: evolution-2.12.3-5.fc8

updates at fedoraproject.org updates at fedoraproject.org
Fri Jun 6 07:49:59 UTC 2008


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-5016
2008-06-06 04:09:24
--------------------------------------------------------------------------------

Name        : evolution
Product     : Fedora 8
Version     : 2.12.3
Release     : 5.fc8
URL         : http://www.gnome.org/projects/evolution/
Summary     : GNOME's next-generation groupware suite
Description :
Evolution is the GNOME mailer, calendar, contact manager and
communications tool.  The tools which make up Evolution will
be tightly integrated with one another and act as a seamless
personal information-management tool.

--------------------------------------------------------------------------------
Update Information:

Fix two buffer overflows in iCalendar .ics file fromat support discovered and
reported by Alin Rad Pop of the Secunia Research: CVE-2008-1108, CVE-2008-1109,
SA30298    See referenced bugzilla bugs or Secunia advisories for further
details:    http://secunia.com/advisories/30298
http://secunia.com/secunia_research/2008-22/advisory/
http://secunia.com/secunia_research/2008-23/advisory/
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun  4 2008 Matthew Barnes <mbarnes at redhat.com> - 2.12.3-5.fc8
- Add patches for RH bug #449923 (buffer overflow vulnerabilities).
* Tue Mar 25 2008 Dan Williams <dcbw at redhat.com> - 2.12.3-4.fc8
- Add patch for GNOME bug #524310
* Tue Mar  4 2008 Matthew Barnes <mbarnes at redhat.com> - 2.12.3-3.fc8
- Add patch for CVE-2008-0072 (format string vulnerability).
* Mon Mar  3 2008 Milan Crha <mcrha at redhat.com> - 2.12.3-2.fc8
- Add patch for GNOME bug #351672 (dragging IMAP messages locks X)
* Mon Jan  7 2008 Milan Crha <mcrha at redhat.com> - 2.12.3-1.fc8
- Update to 2.12.3
- Removed patch for RH bug #215467 / GNOME bug #380644 (fixed upstream).
- Removed patch for RH bug #404591 / GNOME bug #491062 (fixed upstream).
- Removed patch for RH bug #499920 (fixed upstream).
- Removed patch for GNOME bug #363695 (causes issues)
* Thu Dec  6 2007 Matthew Barnes <mbarnes at redhat.com> - 2.12.2-3.fc8
- Add patch for GNOME bug #499920 (invalid #include, mainly for Zimbra).
* Thu Nov 29 2007 Milan Crha <mcrha at redhat.com> - 2.12.2-2.fc8
- Add patch for RH bug #404591 (do not add automatic contacts
  if disabled)
* Tue Nov 27 2007 Milan Crha <mcrha at redhat.com> - 2.12.2-1.fc8
- Update to 2.12.2
* Fri Nov 16 2007 Milan Crha <mcrha at redhat.com> - 2.12.1-4.fc8
- Add patch for GNOME bug #454465 (fix Save button in task dialog)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #448541 - CVE-2008-1109 evolution: iCalendar buffer overflow via large description parameter
        https://bugzilla.redhat.com/show_bug.cgi?id=448541
  [ 2 ] Bug #448540 - CVE-2008-1108 evolution: iCalendar buffer overflow via large timezone specification
        https://bugzilla.redhat.com/show_bug.cgi?id=448540
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update evolution' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the package-announce mailing list