[CVE-2008-1108, CVE-2008-1109] Evolution iCalendar buffer overflows

Bug #237956 reported by Till Ulen
Affects             Status        Importance  Assigned to       Milestone
evolution (Ubuntu)  Fix Released  Medium      Unassigned
Dapper              Fix Released  Undecided   Jamie Strandboge
Feisty              Fix Released  Undecided   Jamie Strandboge
Gutsy               Fix Released  Undecided   Jamie Strandboge
Hardy               Fix Released  Undecided   Jamie Strandboge

Bug Description

Binary package hint: evolution

CVE-2008-1108 description:

"Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment."

CVE-2008-1109 description:

"Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window)."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1109
http://secunia.com/advisories/30298
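
A defensive triage check for the two fields the CVE descriptions name, as an added example that is not part of the bug report or of Evolution's code: it unfolds an iCalendar attachment and reports over-long timezone and DESCRIPTION values. The length limits, the function names, and the mapping of "timezone string" to the TZID property and parameter are assumptions.

```python
import re

# Assumed triage thresholds (not from the advisory or the Evolution fix).
LIMITS = {"TZID": 256, "DESCRIPTION": 8192}

def split_unquoted(s, sep, limit=None):
    """Split s on sep, ignoring separators inside double-quoted parameter values."""
    parts, start, in_quote = [], 0, False
    for i, ch in enumerate(s):
        if ch == '"':
            in_quote = not in_quote
        elif ch == sep and not in_quote:
            parts.append(s[start:i])
            start = i + 1
            if limit and len(parts) == limit:
                break
    parts.append(s[start:])
    return parts

def content_lines(ics_text):
    """Undo RFC 5545 folding (line break + space/tab), then split into content lines."""
    return re.split(r"\r?\n", re.sub(r"\r?\n[ \t]", "", ics_text))

def oversized_fields(ics_text, limits=LIMITS):
    """Return [(field, length)] for TZID / DESCRIPTION values longer than the limits."""
    findings = []
    for line in content_lines(ics_text):
        head_value = split_unquoted(line, ":", 1)
        if len(head_value) < 2:
            continue  # blank or malformed line: no NAME:value structure
        name, *raw_params = split_unquoted(head_value[0], ";")
        name, value = name.upper(), head_value[1]
        if name in limits and len(value) > limits[name]:
            findings.append((name, len(value)))
        for param in raw_params:  # e.g. DTSTART;TZID=...:20080601T090000
            key, _, pval = param.partition("=")
            if key.upper() == "TZID" and len(pval.strip('"')) > limits["TZID"]:
                findings.append(("TZID(param)", len(pval.strip('"'))))
    return findings

# Constructed sample attachment: an oversized TZID parameter and a short, folded DESCRIPTION.
SAMPLE = ("BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\n"
          "DTSTART;TZID=" + "A" * 300 + ":20080601T090000\r\n"
          "DESCRIPTION:Quarterly planning \r\n meeting\r\nEND:VEVENT\r\nEND:VCALENDAR\r\n")

if __name__ == "__main__":
    for field, length in oversized_fields(SAMPLE):
        print(f"{field}: {length} characters")
```

Because lengths are measured after unfolding, a long value is reported whether or not the sender folded it across lines.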


Sebastien Bacher (seb128) wrote :

Thank you for your bug report. That's already being worked on by the Ubuntu security team; confirming the bug.

Changed in evolution:
importance: Undecided → Medium
status: New → Confirmed
Sebastien Bacher (seb128) wrote :

The version uploaded to Intrepid today already fixed the issue, so closing the bug; the security updates for stable distributions are on their way.

Changed in evolution:
status: Confirmed → Fix Released
Changed in evolution:
assignee: nobody → jdstrand
status: New → Fix Committed
assignee: nobody → jdstrand
status: New → Fix Committed
assignee: nobody → jdstrand
status: New → Fix Committed
assignee: nobody → jdstrand
status: New → Fix Committed
Jamie Strandboge (jdstrand) wrote :
Changed in evolution:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
