rpms/evolution/F-8 evolution-2.12.3-CVE-2008-0072.patch, NONE, 1.1 evolution.spec, 1.307, 1.308

Matthew Barnes (mbarnes) fedora-extras-commits at redhat.com
Wed Mar 5 15:12:19 UTC 2008 

Author: mbarnes

Update of /cvs/pkgs/rpms/evolution/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6919

Modified Files:
	evolution.spec 
Added Files:
	evolution-2.12.3-CVE-2008-0072.patch 
Log Message:

* Tue Mar 04 2008 Matthew Barnes <mbarnes at redhat.com> - 2.12.3-3.fc8
- Add patch for CVE-2008-0072 (format string vulnerability).


evolution-2.12.3-CVE-2008-0072.patch:

--- NEW FILE evolution-2.12.3-CVE-2008-0072.patch ---
diff -up evolution-2.12.3/mail/em-format.c.CVE-2008-0072 evolution-2.12.3/mail/em-format.c
--- evolution-2.12.3/mail/em-format.c.CVE-2008-0072	2007-10-12 02:56:01.000000000 -0400
+++ evolution-2.12.3/mail/em-format.c	2008-03-04 15:59:30.000000000 -0500
@@ -1193,7 +1193,7 @@ emf_application_xpkcs7mime(EMFormat *emf
 	opart = camel_mime_part_new();
 	valid = camel_cipher_decrypt(context, part, opart, ex);
 	if (valid == NULL) {
-		em_format_format_error(emf, stream, ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error"));
+		em_format_format_error(emf, stream, "%s", ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error"));
 		em_format_part_as(emf, stream, part, NULL);
 	} else {
 		if (emfc == NULL)
@@ -1350,7 +1350,7 @@ emf_multipart_encrypted(EMFormat *emf, C
 	if (valid == NULL) {
 		em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP/MIME message"):_("Could not parse PGP/MIME message: Unknown error"));
 		if (ex->desc)
-			em_format_format_error(emf, stream, ex->desc);
+			em_format_format_error(emf, stream, "%s", ex->desc);
 		em_format_part_as(emf, stream, part, "multipart/mixed");
 	} else {
 		if (emfc == NULL)
@@ -1515,7 +1515,7 @@ emf_multipart_signed(EMFormat *emf, Came
 		if (valid == NULL) {
 			em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
 			if (ex->desc)
-				em_format_format_error(emf, stream, ex->desc);
+				em_format_format_error(emf, stream, "%s", ex->desc);
 			em_format_part_as(emf, stream, part, "multipart/mixed");
 		} else {
 			if (emfc == NULL)
@@ -1586,7 +1586,7 @@ emf_inlinepgp_signed(EMFormat *emf, Came
 	if (!valid) {
 		em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
 		if (ex->desc)
-			em_format_format_error(emf, stream, ex->desc);
+			em_format_format_error(emf, stream, "%s", ex->desc);
 		em_format_format_source(emf, stream, ipart);
 		/* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
 		camel_exception_free(ex);
@@ -1657,7 +1657,7 @@ emf_inlinepgp_encrypted(EMFormat *emf, C
 	if (!valid) {
 		em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP message"):_("Could not parse PGP message: Unknown error"));
 		if (ex->desc)
-			em_format_format_error(emf, stream, ex->desc);
+			em_format_format_error(emf, stream, "%s", ex->desc);
 		em_format_format_source(emf, stream, ipart);
 		/* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
 		camel_exception_free(ex);


Index: evolution.spec
===================================================================
RCS file: /cvs/pkgs/rpms/evolution/F-8/evolution.spec,v
retrieving revision 1.307
retrieving revision 1.308
diff -u -r1.307 -r1.308
--- evolution.spec	3 Mar 2008 18:25:07 -0000	1.307
+++ evolution.spec	5 Mar 2008 15:11:19 -0000	1.308
@@ -46,7 +46,7 @@
 
 Name: evolution
 Version: 2.12.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2 and GFDL+
 Group: Applications/Productivity
 Summary: GNOME's next-generation groupware suite
@@ -126,6 +126,9 @@
 # GNOME bug #351672
 Patch38: evolution-2.12.3-no-drag-finish.patch
 
+# CVE-2008-0072
+Patch39: evolution-2.12.3-CVE-2008-0072.patch
+
 ## Dependencies ###
 
 Requires(post): GConf2
@@ -269,6 +272,7 @@
 %patch36 -p1 -b .icon-names
 %patch37 -p1 -b .source-changed-event
 %patch38 -p1 -b .no-drag-finish
+%patch39 -p1 -b .CVE-2008-0027
 
 mkdir -p krb5-fakeprefix/include
 mkdir -p krb5-fakeprefix/lib
@@ -719,6 +723,9 @@
 %dir %{_datadir}/omf/evolution
 
 %changelog
+* Tue Mar 04 2008 Matthew Barnes <mbarnes at redhat.com> - 2.12.3-3.fc8
+- Add patch for CVE-2008-0072 (format string vulnerability).
+
 * Mon Mar 03 2008 Milan Crha <mcrha at redhat.com> - 2.12.3-2.fc8
 - Add patch for GNOME bug #351672 (dragging IMAP messages locks X)

More information about the fedora-extras-commits mailing list