[SECURITY] Fedora 7 Update: evolution-2.10.3-10.fc7

updates at fedoraproject.org updates at fedoraproject.org
Fri Jun 6 07:50:16 UTC 2008


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-5018
2008-06-06 04:09:42
--------------------------------------------------------------------------------

Name        : evolution
Product     : Fedora 7
Version     : 2.10.3
Release     : 10.fc7
URL         : http://www.gnome.org/projects/evolution/
Summary     : GNOME's next-generation groupware suite
Description :
Evolution is the GNOME mailer, calendar, contact manager and
communications tool.  The tools which make up Evolution will
be tightly integrated with one another and act as a seamless
personal information-management tool.

--------------------------------------------------------------------------------
Update Information:

Fix two buffer overflows in iCalendar .ics file fromat support discovered and
reported by Alin Rad Pop of the Secunia Research: CVE-2008-1108, CVE-2008-1109,
SA30298    See referenced bugzilla bugs or Secunia advisories for further
details:    http://secunia.com/advisories/30298
http://secunia.com/secunia_research/2008-22/advisory/
http://secunia.com/secunia_research/2008-23/advisory/
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun  4 2008 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-10.fc7
- Add patches for RH bug #449922 (buffer overflow vulnerabilities).
* Tue Mar 25 2008 Dan Williams <dcbw at redhat.com> - 2.10.3-9.fc7
- Add patch for GNOME bug #524310
* Tue Mar  4 2008 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-8.fc7
- Add patch for CVE-2008-0072 (format string vulnerability).
* Sat Nov  3 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-7.fc7
- Add patch for RH bug #249640 (todo conduit crash).
* Wed Oct 31 2007 Dan Williams <dcbw at redhat.com> - 2.10.3-6.fc7
- Backport fix for GNOME bug #239441
* Thu Aug 30 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-5.fc7
- Revise patch for GNOME bug #417999 to fix GNOME bug #447591
  (Automatic Contacts combo boxes don't work).
* Wed Aug 29 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-4.fc7
- Revise patch for GNOME bug #362638 to fix GNOME bug #357175
  (Evolution fails to close after IMAP alert has been displayed).
* Fri Jul 27 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-3.fc7
- Add patch for GNOME bug #380534 (clarify version requirements).
* Sat Jul 14 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-2.fc7
- Revise patch for GNOME bug #362638 to fix RH bug #245695 (crash on alert).
* Mon Jul  2 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-1.fc7
- Update to 2.10.3
* Wed Jun 27 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.2-3.fc7
- Revise patch for GNOME bug #362638 to fix RH bug #245289 (frequent hangs).
* Wed Jun  6 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.2-2.fc7
- Revise patch for GNOME bug #362638 to fix RH bug #240507 (hang on exit).
* Mon May 28 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.2-1.fc7
- Update to 2.10.2
- Remove patch for RH bug #202289 (fixed upstream).
- Remove patch for RH bug #235878 (fixed upstream).
- Remove patch for RH bug #238551 (fixed upstream).
* Wed May 16 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-17.fc7
- Revise patch for GNOME bug #362638 to fix RH bug #237206
  (certificate prompt causes crash, again).
* Tue May 15 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-16.fc7
- Add patch for RH bug #240147 (Send/Receive dialog layout).
* Mon May 14 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-15.fc7
- Revise patch for RH bug #236860 to match upstream's solution.
* Mon May 14 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-14.fc7
- Revise patch for RH bug #238155 (crash on startup).
* Mon May  7 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-13.fc7
- Add patch for RH bug #238155 (crash on startup).
* Tue May  1 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-12.fc7
- Add patch for RH bug #238551 (incorrect attachment count).
* Tue May  1 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-10.fc7
- Revise patch for GNOME bug #363695 to fix RH bug #238497
  (crash sorting "To" column).
* Mon Apr 30 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-9.fc7
- Revise some patches so that we don't have to run autoreconf.
- Remove patch for GNOME bug #427939 (use a different work-around).
* Fri Apr 27 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-8.fc7
- Add patch for RH bug #236399 (en_CA attribution format).
* Mon Apr 23 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-7.fc7
- Remove the welcome email from evolution at novell.com (bug #179427).
* Sun Apr 22 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-6.fc7
- Add patch for RH bug #236860 (launching from clock applet).
* Sat Apr 21 2007 Matthias Clasen <mclasen at redhat.com> - 2.10.1-5
- Don't install INSTALL
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #448541 - CVE-2008-1109 evolution: iCalendar buffer overflow via large description parameter
        https://bugzilla.redhat.com/show_bug.cgi?id=448541
  [ 2 ] Bug #448540 - CVE-2008-1108 evolution: iCalendar buffer overflow via large timezone specification
        https://bugzilla.redhat.com/show_bug.cgi?id=448540
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update evolution' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list