[Evolution] Bug#322535: marked as done (evolution: Multiple format string vulnerabilities in Evolution)

Debian Bug Tracking System owner at bugs.debian.org
Sat Aug 27 17:48:16 UTC 2005 

Your message dated Sat, 27 Aug 2005 18:41:57 +0100
with message-id <1125164518.4770.83.camel at kaa.jungle.aubergine.my-net-space.net>
and subject line #322535 appears to be fixed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Aug 2005 09:25:25 +0000
>From jmm at inutil.org Thu Aug 11 02:25:25 2005
Return-path: <jmm at inutil.org>
Received: from ip0.serverflex.de (vserver151.vserver151.serverflex.de) [193.22.164.111] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1E39JV-00041P-00; Thu, 11 Aug 2005 02:25:25 -0700
Received: from wlan-client-254.informatik.uni-bremen.de ([134.102.117.4] helo=localhost.localdomain)
	by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1E39JT-0000dz-8e
	for submit at bugs.debian.org; Thu, 11 Aug 2005 11:25:23 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.52)
	id 1E39Jq-0001kV-AR; Thu, 11 Aug 2005 11:25:46 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <jmm at inutil.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: evolution: Multiple format string vulnerabilities in Evolution
X-Mailer: reportbug 3.15
Date: Thu, 11 Aug 2005 11:25:46 +0200
Message-Id: <E1E39Jq-0001kV-AR at localhost.localdomain>
X-SA-Exim-Connect-IP: 134.102.117.4
X-SA-Exim-Mail-From: jmm at inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: evolution
Severity: grave
Tags: security

Multiple exploitable format string vulnerabilities have been found in
Evolution. Please see 
http://www.securityfocus.com/archive/1/407789/30/0/threaded
for details. 2.3.7 fixes all these issues.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)

---------------------------------------
Received: (at 322535-done) by bugs.debian.org; 27 Aug 2005 17:41:32 +0000
>From debian-bts at adam-barratt.org.uk Sat Aug 27 10:41:32 2005
Return-path: <debian-bts at adam-barratt.org.uk>
Received: from bytemark.funky-badger.org [80.68.90.48] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1E94gN-00036V-00; Sat, 27 Aug 2005 10:41:32 -0700
Received: from adsl.funky-badger.org ([213.208.101.238] helo=sheerkahn.jungle.aubergine.my-net-space.net)
	by bytemark.funky-badger.org with esmtp (Exim 4.52 #1 (Debian))
	id 1E94mn-0007OE-87; Sat, 27 Aug 2005 18:48:10 +0100
Received: from kaa.jungle.funky-badger.org ([192.168.0.10] helo=kaa.jungle.aubergine.my-net-space.net)
	by sheerkahn.jungle.aubergine.my-net-space.net with esmtp (Exim 4.52)
	id 1E94gq-0005kY-IH; Sat, 27 Aug 2005 18:42:00 +0100
Received: from adam by kaa.jungle.aubergine.my-net-space.net with local (Exim 4.52)
	id 1E94gp-00020D-NC; Sat, 27 Aug 2005 18:41:59 +0100
Subject: #322535 appears to be fixed
From: "Adam D. Barratt" <debian-bts at adam-barratt.org.uk>
To: 322535-done at bugs.debian.org, 322535-submitter at bugs.debian.org
Cc: neilm at debian.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: Sat, 27 Aug 2005 18:41:57 +0100
Message-Id: <1125164518.4770.83.camel at kaa.jungle.aubergine.my-net-space.net>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 
X-BMFB-Scan-Signature: 3cdb0c1b4273759171d666cbec1fbf36
Delivered-To: 322535-done at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02

Version: 2.2.3-3

Hi,

It looks like this was fixed in the evolution 2.2.3-3 packages uploaded
on Thursday, but not closed due to a typo in the changelog:

evolution (2.2.3-3) unstable; urgency=high

   * security fix. (closes: Bug#32253)
     - Multiple exploitable format string vulnerabilities
       Applied unofficial security fix patch from
       http://www.sitic.se/dokument/evolution.formatstring.patch

 -- Takuo KITAME <kitame at debian.org>  Thu, 25 Aug 2005 14:58:34 +0900

Closing now.

Regards,

Adam

More information about the Pkg-evolution-maintainers mailing list