diff options
author | Joey Hess <joeyh@debian.org> | 2005-09-08 18:53:15 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2005-09-08 18:53:15 +0000 |
commit | c6c8ef3f46e2bff07bc5fcfdbc1d2b3b3f61a5b0 (patch) | |
tree | a27243a1de3ceeb1721573e893bcfe1cf9efd3a5 /data/DTSA/advs/13-evolution.adv | |
parent | 2d769fbc9b4ad070698cb146a8c3b71c589b2c0a (diff) |
add DSTA 13 (evolution)
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1863 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs/13-evolution.adv')
-rw-r--r-- | data/DTSA/advs/13-evolution.adv | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/data/DTSA/advs/13-evolution.adv b/data/DTSA/advs/13-evolution.adv new file mode 100644 index 0000000000..bd30fe5ec3 --- /dev/null +++ b/data/DTSA/advs/13-evolution.adv @@ -0,0 +1,26 @@ +source: evolution +date: September 8th, 2005 +author: Joey Hess +vuln-type: format string vulnerabilities +problem-scope: remote +debian-specifc: no +cve: CAN-2005-2549 CAN-2005-2550 +testing-fix: 2.2.3-2etch1 +sid-fix: 2.2.3-3 +upgrade: apt-get install evolution + +Multiple vulnerabilities were discovered in evolution: + +CAN-2005-2549 + +Multiple format string vulnerabilities in Evolution allow remote attackers +to cause a denial of service (crash) and possibly execute arbitrary code via +(1) full vCard data, (2) contact data from remote LDAP servers, or (3) task +list data from remote servers. + +CAN-2005-2550 + +Format string vulnerability in Evolution allows remote attackers to cause a +denial of service (crash) and possibly execute arbitrary code via the +calendar entries such as task lists, which are not properly handled when +the user selects the Calendars tab. |