add DSTA 13 (evolution)

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1863 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Joey Hess <joeyh@debian.org> 2005-09-08 18:53:15 +0000
committer: Joey Hess <joeyh@debian.org> 2005-09-08 18:53:15 +0000
commit: c6c8ef3f46e2bff07bc5fcfdbc1d2b3b3f61a5b0 (patch)
tree: a27243a1de3ceeb1721573e893bcfe1cf9efd3a5 /data/DTSA/advs/13-evolution.adv
parent: 2d769fbc9b4ad070698cb146a8c3b71c589b2c0a (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/data/DTSA/advs/13-evolution.adv b/data/DTSA/advs/13-evolution.adv
new file mode 100644
index 0000000000..bd30fe5ec3
--- /dev/null
+++ b/data/DTSA/advs/13-evolution.adv
@@ -0,0 +1,26 @@
+source: evolution
+date: September 8th, 2005
+author: Joey Hess
+vuln-type: format string vulnerabilities
+problem-scope: remote
+debian-specifc: no
+cve: CAN-2005-2549 CAN-2005-2550
+testing-fix: 2.2.3-2etch1
+sid-fix: 2.2.3-3
+upgrade: apt-get install evolution
+
+Multiple vulnerabilities were discovered in evolution:
+
+CAN-2005-2549
+
+Multiple format string vulnerabilities in Evolution allow remote attackers
+to cause a denial of service (crash) and possibly execute arbitrary code via
+(1) full vCard data, (2) contact data from remote LDAP servers, or (3) task 
+list data from remote servers.
+
+CAN-2005-2550
+
+Format string vulnerability in Evolution allows remote attackers to cause a
+denial of service (crash) and possibly execute arbitrary code via the
+calendar entries such as task lists, which are not properly handled when
+the user selects the Calendars tab.
author	Joey Hess <joeyh@debian.org>	2005-09-08 18:53:15 +0000
committer	Joey Hess <joeyh@debian.org>	2005-09-08 18:53:15 +0000
commit	c6c8ef3f46e2bff07bc5fcfdbc1d2b3b3f61a5b0 (patch)
tree	a27243a1de3ceeb1721573e893bcfe1cf9efd3a5 /data/DTSA/advs/13-evolution.adv
parent	2d769fbc9b4ad070698cb146a8c3b71c589b2c0a (diff)