[Secure-testing-commits] r1863 - in data/DTSA: . advs hints

Joey Hess joeyh at costa.debian.org
Thu Sep 8 18:53:15 UTC 2005


Author: joeyh
Date: 2005-09-08 18:53:15 +0000 (Thu, 08 Sep 2005)
New Revision: 1863

Added:
   data/DTSA/advs/13-evolution.adv
Modified:
   data/DTSA/hints/joeyh
   data/DTSA/list
Log:
add DSTA 13 (evolution)


Added: data/DTSA/advs/13-evolution.adv
===================================================================
--- data/DTSA/advs/13-evolution.adv	2005-09-08 17:30:31 UTC (rev 1862)
+++ data/DTSA/advs/13-evolution.adv	2005-09-08 18:53:15 UTC (rev 1863)
@@ -0,0 +1,26 @@
+source: evolution
+date: September 8th, 2005
+author: Joey Hess
+vuln-type: format string vulnerabilities
+problem-scope: remote
+debian-specifc: no
+cve: CAN-2005-2549 CAN-2005-2550
+testing-fix: 2.2.3-2etch1
+sid-fix: 2.2.3-3
+upgrade: apt-get install evolution
+
+Multiple vulnerabilities were discovered in evolution:
+
+CAN-2005-2549
+
+Multiple format string vulnerabilities in Evolution allow remote attackers
+to cause a denial of service (crash) and possibly execute arbitrary code via
+(1) full vCard data, (2) contact data from remote LDAP servers, or (3) task 
+list data from remote servers.
+
+CAN-2005-2550
+
+Format string vulnerability in Evolution allows remote attackers to cause a
+denial of service (crash) and possibly execute arbitrary code via the
+calendar entries such as task lists, which are not properly handled when
+the user selects the Calendars tab.
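
Review bot: the header key `debian-specifc: no` in the new 13-evolution.adv looks like a misspelling of `debian-specific`. If whatever reads the .adv headers matches on the key name, this field will be silently dropped from the generated advisory. Either correct the spelling or confirm that the reader expects this exact form.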

Modified: data/DTSA/hints/joeyh
===================================================================
--- data/DTSA/hints/joeyh	2005-09-08 17:30:31 UTC (rev 1862)
+++ data/DTSA/hints/joeyh	2005-09-08 18:53:15 UTC (rev 1863)
@@ -1,3 +1,6 @@
+sync gal2.4/2.4.3-1.0etch1
+sync evolution-data-server/1.2.3-1etch1
+sync evolution/2.2.3-2etch1
 sync vim/1:6.3-085+0.0etch1
 sync bluez-utils/2.19-0.1etch1
 sync bluez-libs/2.19-0.1etch1
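
Review bot: the added `sync gal2.4/2.4.3-1.0etch1` and `sync evolution-data-server/1.2.3-1etch1` lines have no counterpart in the advisory or in the list entry, both of which name only evolution 2.2.3-2etch1, and the log message mentions only evolution. If these two packages carry part of the fix, list them in the advisory with their fixed versions. If they are only needed so that evolution can migrate, say so in the log message so the hint can be traced back to DTSA-13 later.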

Modified: data/DTSA/list
===================================================================
--- data/DTSA/list	2005-09-08 17:30:31 UTC (rev 1862)
+++ data/DTSA/list	2005-09-08 18:53:15 UTC (rev 1863)
@@ -33,3 +33,6 @@
 [September 8th, 2005] DTSA-12-1 vim - modeline exploits
 	{CAN-2005-2368 }
 	- vim 1:6.3-085+0.0etch1 (medium)
+[September 8th, 2005] DTSA-13-1 evolution - format string vulnerabilities
+	{CAN-2005-2549 CAN-2005-2550 }
+	- evolution 2.2.3-2etch1 (high)
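
Review bot: the `(high)` rating on the new `- evolution 2.2.3-2etch1` line is not recorded anywhere in 13-evolution.adv, which has fields for vuln-type and problem-scope but none for severity, so the list is the only place the rating lives. State the basis for `high` in the log message or the advisory text (the advisory says remote, crash and possibly code execution), so it can be compared with the `(medium)` given to DTSA-12-1 just above.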



