[Evolution] Bug#429876: evolution-data-server: remote security bug (negative array index)
brian m. carlson
sandals at crustytoothpaste.ath.cx
Wed Jun 20 21:22:43 UTC 2007
Package: evolution-data-server
Version: 1.10.2-1
Severity: grave
Tags: security

E-D-S 2.11.4 has just been released with a fix for
http://bugs.gnome.org/447414 , which is a remotely-exploitable negative
array index. I found this out by reading Philip Van Hoof's blog[0]. A
backport to GNOME's 2.18 branch is either present or in progress; I
can't tell from the bug report.

[0] http://pvanhoof.be/blog/index.php/2007/06/19/todays-new-evolution-release

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.22-rc5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages evolution-data-server depends on:
ii evolutio 1.10.2-1 architecture independent files for
ii libbonob 2.18.0-2 Bonobo CORBA interfaces library
ii libc6 2.5-11 GNU C Library: Shared libraries
ii libcamel 1.10.2-1 The Evolution MIME message handlin
ii libcomer 1.39+1.40-WIP-2007.04.07+dfsg-2 common error description library
ii libdb4.4 4.4.20-8 Berkeley v4.4 Database Libraries [
ii libebook 1.10.2-1 Client library for evolution addre
ii libecal1 1.10.2-1 Client library for evolution calen
ii libedata 1.10.2-1 Backend library for evolution addr
ii libedata 1.10.2-1 Backend library for evolution cale
ii libedata 1.10.2-1 Utility library for evolution data
ii libegrou 1.10.2-1 Client library for accessing group
ii libgconf 2.18.0.1-3 GNOME configuration database syste
ii libglib2 2.12.12-1 The GLib library of C routines
ii libgnome 2.18.0-4 The GNOME 2 library - runtime file
ii libgnome 1:2.18.1-2 GNOME Virtual File System (runtime
ii libgnutl 1.6.3-1 the GNU TLS library - runtime libr
ii libkrb53 1.6.dfsg.1-4 MIT Kerberos runtime libraries
ii libldap2 2.1.30-13.4 OpenLDAP libraries
ii libnspr4 4.6.6-3 NetScape Portable Runtime Library
ii libnss3- 3.11.5-3+b1 Network Security Service libraries
ii liborbit 1:2.14.7-0.1 libraries for ORBit2 - a CORBA ORB
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii libsoup2 2.2.100-1 an HTTP library implementation in
ii libxml2 2.6.29.dfsg-1 GNOME XML library
ii zlib1g 1:1.2.3-15 compression library - runtime
evolution-data-server recommends no packages.
-- no debconf information
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
Screw you, AACS LA: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187