[Evolution] Bug#484369: evolution: Building with -D_FORTIFY_SOURCE=2

Moritz Muehlenhoff jmm at debian.org
Tue Jun 3 21:50:18 UTC 2008

Package: evolution
Severity: wishlist

Although format string vulnerabilities are becoming less common
in general, they're still occasionally being found in Evolution,
e.g. CVE-2007-1002 and CVE-2008-0072 in the recent two years.

Building with -D_FORTIFY_SOURCE=2 prevents exploitability for
many format string attacks. Could you build Lenny's Evolution
with it enabled?

Please see the package hardening-wrapper for easy testing and
the README.Debian included within.


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

More information about the Pkg-evolution-maintainers mailing list