From b7a42fed6664b3db6bc4c8b7cfa4b4f48bfcb372 Mon Sep 17 00:00:00 2001 From: "Simon L. B. Nielsen" Date: Sat, 27 Aug 2005 22:25:30 +0000 Subject: Document evolution -- remote format string vulnerabilities. Approved by: portmgr (blanket, VuXML) --- security/vuxml/vuln.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 523b5f22a35c..6a457b08febd 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,49 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + evolution -- remote format string vulnerabilities + + + evolution + 1.52.3.7 + + + + +

SO-AND-SO reports:

+
+

Evolution suffers from several format string bugs when + handling data from remote sources. These bugs lead to + crashes or the execution of arbitrary assembly language + code.

+
    +
  1. The first format string bug occurs when viewing the + full vCard data attached to an e-mail message.
    2. +
  2. The second format string bug occurs when displaying + contact data from remote LDAP servers.
    3. +
  3. The third format string bug occurs when displaying + task list data from remote servers.
    4. +
  4. The fourth, and least serious, format string bug + occurs when the user goes to the Calendars tab to save + task list data that is vulnerable to problem 3 + above. Other calendar entries that do not come from task + lists are also affected.
    5. +
+
+ + + + CAN-2005-2549 + CAN-2005-2550 + http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html + + + 2005-08-10 + 2005-08-27 + + + pam_ldap -- authentication bypass vulnerability -- cgit v1.2.3