[Evolution] Bug#429876: evolution-data-server: remote security bug (negative array index)

brian m. carlson sandals at crustytoothpaste.ath.cx
Wed Jun 20 21:22:43 UTC 2007


Package: evolution-data-server
Version: 1.10.2-1
Severity: grave
Tags: security

E-D-S 2.11.4 has just been released with a fix for
http://bugs.gnome.org/447414 , which is a remotely-exploitable negative
array index.  I found this out by reading Philip Van Hoof's blog[0].  A
backport to GNOME's 2.18 branch is either present or in progress; I
can't tell from the bug report.

[0] http://pvanhoof.be/blog/index.php/2007/06/19/todays-new-evolution-release

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-rc5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages evolution-data-server depends on:
ii  evolutio 1.10.2-1                        architecture independent files for
ii  libbonob 2.18.0-2                        Bonobo CORBA interfaces library
ii  libc6    2.5-11                          GNU C Library: Shared libraries
ii  libcamel 1.10.2-1                        The Evolution MIME message handlin
ii  libcomer 1.39+1.40-WIP-2007.04.07+dfsg-2 common error description library
ii  libdb4.4 4.4.20-8                        Berkeley v4.4 Database Libraries [
ii  libebook 1.10.2-1                        Client library for evolution addre
ii  libecal1 1.10.2-1                        Client library for evolution calen
ii  libedata 1.10.2-1                        Backend library for evolution addr
ii  libedata 1.10.2-1                        Backend library for evolution cale
ii  libedata 1.10.2-1                        Utility library for evolution data
ii  libegrou 1.10.2-1                        Client library for accessing group
ii  libgconf 2.18.0.1-3                      GNOME configuration database syste
ii  libglib2 2.12.12-1                       The GLib library of C routines
ii  libgnome 2.18.0-4                        The GNOME 2 library - runtime file
ii  libgnome 1:2.18.1-2                      GNOME Virtual File System (runtime
ii  libgnutl 1.6.3-1                         the GNU TLS library - runtime libr
ii  libkrb53 1.6.dfsg.1-4                    MIT Kerberos runtime libraries
ii  libldap2 2.1.30-13.4                     OpenLDAP libraries
ii  libnspr4 4.6.6-3                         NetScape Portable Runtime Library
ii  libnss3- 3.11.5-3+b1                     Network Security Service libraries
ii  liborbit 1:2.14.7-0.1                    libraries for ORBit2 - a CORBA ORB
ii  libpopt0 1.10-3                          lib for parsing cmdline parameters
ii  libsoup2 2.2.100-1                       an HTTP library implementation in 
ii  libxml2  2.6.29.dfsg-1                   GNOME XML library
ii  zlib1g   1:1.2.3-15                      compression library - runtime

evolution-data-server recommends no packages.

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
Screw you, AACS LA: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187