[SECURITY] Fedora 7 Update: evolution-2.10.3-10.fc7
updates at fedoraproject.org
updates at fedoraproject.org
Fri Jun 6 07:50:16 UTC 2008
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-5018
2008-06-06 04:09:42
--------------------------------------------------------------------------------
Name : evolution
Product : Fedora 7
Version : 2.10.3
Release : 10.fc7
URL : http://www.gnome.org/projects/evolution/
Summary : GNOME's next-generation groupware suite
Description :
Evolution is the GNOME mailer, calendar, contact manager and
communications tool. The tools which make up Evolution will
be tightly integrated with one another and act as a seamless
personal information-management tool.
--------------------------------------------------------------------------------
Update Information:
Fix two buffer overflows in iCalendar .ics file fromat support discovered and
reported by Alin Rad Pop of the Secunia Research: CVE-2008-1108, CVE-2008-1109,
SA30298 See referenced bugzilla bugs or Secunia advisories for further
details: http://secunia.com/advisories/30298
http://secunia.com/secunia_research/2008-22/advisory/
http://secunia.com/secunia_research/2008-23/advisory/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 4 2008 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-10.fc7
- Add patches for RH bug #449922 (buffer overflow vulnerabilities).
* Tue Mar 25 2008 Dan Williams <dcbw at redhat.com> - 2.10.3-9.fc7
- Add patch for GNOME bug #524310
* Tue Mar 4 2008 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-8.fc7
- Add patch for CVE-2008-0072 (format string vulnerability).
* Sat Nov 3 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-7.fc7
- Add patch for RH bug #249640 (todo conduit crash).
* Wed Oct 31 2007 Dan Williams <dcbw at redhat.com> - 2.10.3-6.fc7
- Backport fix for GNOME bug #239441
* Thu Aug 30 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-5.fc7
- Revise patch for GNOME bug #417999 to fix GNOME bug #447591
(Automatic Contacts combo boxes don't work).
* Wed Aug 29 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-4.fc7
- Revise patch for GNOME bug #362638 to fix GNOME bug #357175
(Evolution fails to close after IMAP alert has been displayed).
* Fri Jul 27 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-3.fc7
- Add patch for GNOME bug #380534 (clarify version requirements).
* Sat Jul 14 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-2.fc7
- Revise patch for GNOME bug #362638 to fix RH bug #245695 (crash on alert).
* Mon Jul 2 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.3-1.fc7
- Update to 2.10.3
* Wed Jun 27 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.2-3.fc7
- Revise patch for GNOME bug #362638 to fix RH bug #245289 (frequent hangs).
* Wed Jun 6 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.2-2.fc7
- Revise patch for GNOME bug #362638 to fix RH bug #240507 (hang on exit).
* Mon May 28 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.2-1.fc7
- Update to 2.10.2
- Remove patch for RH bug #202289 (fixed upstream).
- Remove patch for RH bug #235878 (fixed upstream).
- Remove patch for RH bug #238551 (fixed upstream).
* Wed May 16 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-17.fc7
- Revise patch for GNOME bug #362638 to fix RH bug #237206
(certificate prompt causes crash, again).
* Tue May 15 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-16.fc7
- Add patch for RH bug #240147 (Send/Receive dialog layout).
* Mon May 14 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-15.fc7
- Revise patch for RH bug #236860 to match upstream's solution.
* Mon May 14 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-14.fc7
- Revise patch for RH bug #238155 (crash on startup).
* Mon May 7 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-13.fc7
- Add patch for RH bug #238155 (crash on startup).
* Tue May 1 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-12.fc7
- Add patch for RH bug #238551 (incorrect attachment count).
* Tue May 1 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-10.fc7
- Revise patch for GNOME bug #363695 to fix RH bug #238497
(crash sorting "To" column).
* Mon Apr 30 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-9.fc7
- Revise some patches so that we don't have to run autoreconf.
- Remove patch for GNOME bug #427939 (use a different work-around).
* Fri Apr 27 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-8.fc7
- Add patch for RH bug #236399 (en_CA attribution format).
* Mon Apr 23 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-7.fc7
- Remove the welcome email from evolution at novell.com (bug #179427).
* Sun Apr 22 2007 Matthew Barnes <mbarnes at redhat.com> - 2.10.1-6.fc7
- Add patch for RH bug #236860 (launching from clock applet).
* Sat Apr 21 2007 Matthias Clasen <mclasen at redhat.com> - 2.10.1-5
- Don't install INSTALL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #448541 - CVE-2008-1109 evolution: iCalendar buffer overflow via large description parameter
https://bugzilla.redhat.com/show_bug.cgi?id=448541
[ 2 ] Bug #448540 - CVE-2008-1108 evolution: iCalendar buffer overflow via large timezone specification
https://bugzilla.redhat.com/show_bug.cgi?id=448540
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update evolution' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the Fedora-package-announce
mailing list