Joey Hess
2005-Sep-08 18:53 UTC
[Secure-testing-commits] r1863 - in data/DTSA: . advs hints
Author: joeyh Date: 2005-09-08 18:53:15 +0000 (Thu, 08 Sep 2005) New Revision: 1863 Added: data/DTSA/advs/13-evolution.adv Modified: data/DTSA/hints/joeyh data/DTSA/list Log: add DSTA 13 (evolution) Added: data/DTSA/advs/13-evolution.adv ==================================================================--- data/DTSA/advs/13-evolution.adv 2005-09-08 17:30:31 UTC (rev 1862) +++ data/DTSA/advs/13-evolution.adv 2005-09-08 18:53:15 UTC (rev 1863) @@ -0,0 +1,26 @@ +source: evolution +date: September 8th, 2005 +author: Joey Hess +vuln-type: format string vulnerabilities +problem-scope: remote +debian-specifc: no +cve: CAN-2005-2549 CAN-2005-2550 +testing-fix: 2.2.3-2etch1 +sid-fix: 2.2.3-3 +upgrade: apt-get install evolution + +Multiple vulnerabilities were discovered in evolution: + +CAN-2005-2549 + +Multiple format string vulnerabilities in Evolution allow remote attackers +to cause a denial of service (crash) and possibly execute arbitrary code via +(1) full vCard data, (2) contact data from remote LDAP servers, or (3) task +list data from remote servers. + +CAN-2005-2550 + +Format string vulnerability in Evolution allows remote attackers to cause a +denial of service (crash) and possibly execute arbitrary code via the +calendar entries such as task lists, which are not properly handled when +the user selects the Calendars tab. Modified: data/DTSA/hints/joeyh ==================================================================--- data/DTSA/hints/joeyh 2005-09-08 17:30:31 UTC (rev 1862) +++ data/DTSA/hints/joeyh 2005-09-08 18:53:15 UTC (rev 1863) @@ -1,3 +1,6 @@ +sync gal2.4/2.4.3-1.0etch1 +sync evolution-data-server/1.2.3-1etch1 +sync evolution/2.2.3-2etch1 sync vim/1:6.3-085+0.0etch1 sync bluez-utils/2.19-0.1etch1 sync bluez-libs/2.19-0.1etch1 Modified: data/DTSA/list ==================================================================--- data/DTSA/list 2005-09-08 17:30:31 UTC (rev 1862) +++ data/DTSA/list 2005-09-08 18:53:15 UTC (rev 1863) 
@@ -33,3 +33,6 @@ [September 8th, 2005] DTSA-12-1 vim - modeline exploits {CAN-2005-2368 } - vim 1:6.3-085+0.0etch1 (medium) +[September 8th, 2005] DTSA-13-1 evolution - format string vulnerabilities + {CAN-2005-2549 CAN-2005-2550 } + - evolution 2.2.3-2etch1 (high)
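Review bot: in data/DTSA/advs/13-evolution.adv the header key is written `debian-specifc:`; confirm that this is the spelling the tooling that reads the .adv files expects, since a key it does not recognise would leave the field unset. In the same file, the CAN-2005-2550 paragraph (calendar entries such as task lists) reads very close to item (3) under CAN-2005-2549 (task list data from remote servers), so a sentence on how the two issues differ would help readers.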
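Review bot: the advisory does not explain the two extra packages synced in data/DTSA/hints/joeyh. The new lines sync gal2.4/2.4.3-1.0etch1 and evolution-data-server/1.2.3-1etch1 together with evolution/2.2.3-2etch1, while the .adv added in this commit names only evolution in `source:`, `testing-fix:` and `upgrade:`. If those two packages are needed for the fixed evolution to install in testing, say so in the advisory text or the log message, so it is clear why they go in under DTSA-13.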
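Review bot: the new DTSA-13-1 entry in data/DTSA/list rates the issue (high), but nothing in 13-evolution.adv records a severity, so the rating cannot be checked against the advisory. Consider stating the reasoning in the log message (for example, that the advisory marks the problem scope as remote and mentions possible arbitrary code execution). The log message also spells the identifier "DSTA 13", which will not match a search for DTSA.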