To: bugtraq@securityfocus.com
Subject: [ MDKSA-2007:070 ] - Updated evolution packages to address vulnerability
Date: Tue, 27 Mar 2007 09:10:30 -0600
From: security@mandriva.com
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1HWDJe-0000mT-5g@artemis.annvix.ca.>
Sender: QA Team <qateam@artemis.annvix.ca.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:070
http://www.mandriva.com/security/
_______________________________________________________________________
Package : evolution
Date : March 27, 2007
Affected: 2007.0
_______________________________________________________________________
Problem Description:
A format string error in the "write_html()" function in calendar/gui/
e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially
crafted shared memo containing format specifiers.
Updated packages have been patched to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1002
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
ffbaf535dcc8aad7e4d99e9e238d1ed0 2007.0/i586/evolution-2.8.0-1.1mdv2007.0.i586.rpm
b475a91bffa1bbfef44d5928ad98f76f 2007.0/i586/evolution-devel-2.8.0-1.1mdv2007.0.i586.rpm
1c3f8129b6ff5336b7ef7cc8e47034a8 2007.0/i586/evolution-mono-2.8.0-1.1mdv2007.0.i586.rpm
b34eb079ba555c29d9be2807d729b4f3 2007.0/i586/evolution-pilot-2.8.0-1.1mdv2007.0.i586.rpm
4012d73f8f6c7fc1ddb5eb326cad2c7a 2007.0/SRPMS/evolution-2.8.0-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
9803e86f2add5fc6fa81e35d44cf0696 2007.0/x86_64/evolution-2.8.0-1.1mdv2007.0.x86_64.rpm
b5b4cf59932bd01169f1d76e90be2201 2007.0/x86_64/evolution-devel-2.8.0-1.1mdv2007.0.x86_64.rpm
f382c0033a4ff0f9c3e48235dbf712f8 2007.0/x86_64/evolution-mono-2.8.0-1.1mdv2007.0.x86_64.rpm
737c4f2a2708d06d1dbf7a2379eb56f8 2007.0/x86_64/evolution-pilot-2.8.0-1.1mdv2007.0.x86_64.rpm
4012d73f8f6c7fc1ddb5eb326cad2c7a 2007.0/SRPMS/evolution-2.8.0-1.1mdv2007.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGCQmRmqjQ0CJFipgRAuQOAJ9ff46OmdV//gV9Qfu2Q76qZsRkygCgzHrw
RySRUTo4vymnxdlcLkTwqVU=
=j0iK
-----END PGP SIGNATURE-----
