[Evolution] Re: CVE-2005-2549 CVE-2005-2550: Arbitrary code execution in Evolution

Moritz Muehlenhoff jmm at inutil.org
Mon Mar 13 13:15:29 UTC 2006


Martin Schulze wrote:
> Ulf Härnhammar discovered several format string vulnerabilities in
> Evolution, a free groupware suite, that could lead to crashes of the
> application or the execution of arbitrary code.
> 
> http://marc.theaimsgroup.com/?l=full-disclosure&m=112368237712032&w=2
> 
> This mail contains a patch.
> 
> Please
>  . update the package in sid
>  . mention the CVE id from the subject in the changelog
>  . tell me the version number of the fixed package
>  . use urgency=high

This is already covered by #322535.
It's fixed in unstable in 2.2.3-3. I had already prepared patches for
Woody and Sarge; they're attached. I haven't had time to prepare a DSA
yet; at least the Sarge version of Evolution requires manual changes
to the source package, as it triggers an i18n rebuild of some GNOME
lib.

Cheers,
        Moritz
-------------- next part --------------
diff -Naur evolution-2.0.4.orig/addressbook/gui/widgets/eab-contact-display.c evolution-2.0.4/addressbook/gui/widgets/eab-contact-display.c
--- evolution-2.0.4.orig/addressbook/gui/widgets/eab-contact-display.c	Mon Feb 14 17:09:03 2005
+++ evolution-2.0.4/addressbook/gui/widgets/eab-contact-display.c	Fri Nov 25 16:50:43 2005
@@ -338,7 +338,7 @@
 	accum_attribute (accum, contact, _("Yahoo"), E_CONTACT_IM_YAHOO_HOME_1, YAHOO_ICON, 0);
 
 	if (accum->len > 0)
-		gtk_html_stream_printf (html_stream, accum->str);
+		gtk_html_stream_printf (html_stream, "%s", accum->str);
 
 	end_block (html_stream);
 
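Review bot: accum->str at this point holds the contact's own IM handles gathered by accum_attribute, so the old call let text from a received vCard act as gtk_html_stream_printf's format string; "%s" is the correct minimal fix. Since nothing is being formatted and accum->len is already checked one line earlier, a length-based write of the buffer (e.g. gtk_html_stream_write (html_stream, accum->str, accum->len)) would state the intent more directly and take the printf path out of the picture for all three sites in this file.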
@@ -353,7 +353,7 @@
 
 	if (accum->len > 0) {
 		start_block (html_stream, _("work"));
-		gtk_html_stream_printf (html_stream, accum->str);
+		gtk_html_stream_printf (html_stream, "%s", accum->str);
 		end_block (html_stream);
 	}
 
@@ -368,7 +368,7 @@
 
 	if (accum->len > 0) {
 		start_block (html_stream, _("personal"));
-		gtk_html_stream_printf (html_stream, accum->str);
+		gtk_html_stream_printf (html_stream, "%s", accum->str);
 		end_block (html_stream);
 	}
 
diff -Naur evolution-2.0.4.orig/calendar/gui/e-cal-component-preview.c evolution-2.0.4/calendar/gui/e-cal-component-preview.c
--- evolution-2.0.4.orig/calendar/gui/e-cal-component-preview.c	Sun Apr 18 20:01:19 2004
+++ evolution-2.0.4/calendar/gui/e-cal-component-preview.c	Fri Nov 25 16:50:43 2005
@@ -285,7 +285,7 @@
 					str = g_string_append_c (str, text.value[i]);
 			}
 
-			gtk_html_stream_printf (stream, str->str);
+			gtk_html_stream_printf (stream, "%s", str->str);
 			g_string_free (str, TRUE);
 		}
 
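Review bot: the loop just above builds str one byte at a time from text.value, so any '%' in the component's text previously reached gtk_html_stream_printf as a directive; "%s" is the right fix here rather than escaping inside the loop, and str is freed on the very next line so no other caller is affected. Worth checking that the sibling branches of this function (not in the hunk) do not pass another non-literal format the same way.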
diff -Naur evolution-2.0.4.orig/calendar/gui/e-calendar-table.c evolution-2.0.4/calendar/gui/e-calendar-table.c
--- evolution-2.0.4.orig/calendar/gui/e-calendar-table.c	Fri Sep 24 17:49:27 2004
+++ evolution-2.0.4/calendar/gui/e-calendar-table.c	Fri Nov 25 16:50:43 2005
@@ -1212,7 +1212,7 @@
 		return;
 	}
 	
-	fprintf (file, ical_string);
+	fprintf (file, "%s", ical_string);
 	g_free (ical_string);
 	fclose (file);
 }
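Review bot: the fix is correct, though fputs (ical_string, file) would say the same thing without involving the format machinery at all. Separately, neither the fprintf nor the fclose on the line after it has its return value checked, so a failed write (full disk, quota) silently leaves a truncated .ics file behind; suggest `if (fputs (ical_string, file) == EOF || fclose (file) != 0)` followed by an error report to the user.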
diff -Naur evolution-2.0.4.orig/calendar/gui/e-calendar-view.c evolution-2.0.4/calendar/gui/e-calendar-view.c
--- evolution-2.0.4.orig/calendar/gui/e-calendar-view.c	Mon Feb 14 17:09:04 2005
+++ evolution-2.0.4/calendar/gui/e-calendar-view.c	Fri Nov 25 16:50:43 2005
@@ -1074,7 +1074,7 @@
 		return;
 	}
 	
-	fprintf (file, ical_string);
+	fprintf (file, "%s", ical_string);
 	g_free (ical_string);
 	fclose (file);
 
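Review bot: this return / fprintf / g_free / fclose sequence is identical to the one in e-calendar-table.c above; both export paths would be easier to keep correct if the write were factored into one shared helper, so that the format-string fix and any error handling are applied in a single place.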
-------------- next part --------------
diff -Naur evolution-1.0.5.orig/calendar/gui/dialogs/comp-editor.c evolution-1.0.5/calendar/gui/dialogs/comp-editor.c
--- evolution-1.0.5.orig/calendar/gui/dialogs/comp-editor.c	2002-02-19 16:33:02.000000000 +0100
+++ evolution-1.0.5/calendar/gui/dialogs/comp-editor.c	2005-12-01 15:01:23.000000000 +0100
@@ -1088,7 +1088,7 @@
 			return;
 		}
 
-		fprintf (file, ical_string);
+		fprintf (file, "%s", ical_string);
 		g_free (ical_string);
 		fclose (file);
 
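Review bot: the Woody (1.0.5) patch touches only this one fprintf in comp-editor.c, while the Sarge (2.0.4) patch also fixes gtk_html_stream_printf calls taking accum->str and str->str in the addressbook and calendar preview code; before the DSA goes out it is worth confirming that 1.0.5 has no equivalents of those call sites, or noting in the changelog that they do not exist there.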


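All seven hunks above repair the same defect: bytes taken from a contact, a calendar component or an iCalendar export were passed as the format argument of a printf-style function. The C block below is an added illustration, not code from Evolution or from either poster. It uses a constructed VEVENT (not a real invitation) whose DESCRIPTION carries format directives, a small scanner that counts directives in untrusted data and singles out the memory-writing %n, so an audit can flag any string that must never be used as a format, and a write routine in the patched "%s" style that additionally checks the write result, which the patched fprintf/fclose sequences do not. The names ICAL_SAMPLE, count_format_directives, has_write_directive, write_ical and ical_roundtrip_intact are chosen here and do not exist in the Evolution tree.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample (not a real invitation): to an iCalendar parser this is
 * ordinary DESCRIPTION text, but to fprintf(file, ical_string) it is a format
 * string with four directives, and %n is a write to memory. */
static const char ICAL_SAMPLE[] =
    "BEGIN:VEVENT\r\n"
    "DESCRIPTION:Budget review %08x.%08x.%s.%n\r\n"
    "END:VEVENT\r\n";

/* Scan s for printf conversion directives, treating "%%" as a literal percent.
 * Returns the number of directives; if writes is non-NULL it receives the number
 * of %n directives. Any non-zero result means s must never be a format argument. */
int count_format_directives(const char *s, int *writes)
{
    int n = 0, w = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {          /* "%%" is an escaped percent sign */
            s++;
            continue;
        }
        const char *p = s + 1;      /* skip flags, width, precision, length */
        while (*p && strchr("-+ #0123456789.*$hlLqjzt", *p))
            p++;
        if (*p == '\0')
            break;                  /* dangling '%' at end of input */
        n++;
        if (*p == 'n')
            w++;
        s = p;
    }
    if (writes)
        *writes = w;
    return n;
}

/* 1 if s contains a %n directive, i.e. a write primitive for an attacker. */
int has_write_directive(const char *s)
{
    int w;
    count_format_directives(s, &w);
    return w > 0;
}

/* Write ical data the way the patch does ("%s" keeps every '%' literal) and,
 * unlike the patched code, check the result: a short write or a failed flush
 * returns -1, otherwise the number of bytes written. fputs() would do as well. */
long write_ical(FILE *file, const char *ical_string)
{
    size_t len = strlen(ical_string);
    int written = fprintf(file, "%s", ical_string);
    if (written < 0 || (size_t)written != len || fflush(file) != 0)
        return -1;
    return (long)len;
}

/* Round trip: write ical via write_ical into a temporary file, read it back and
 * return 1 if the bytes are identical, 0 on any mismatch or I/O failure. */
int ical_roundtrip_intact(const char *ical)
{
    char buf[512];
    size_t len = strlen(ical);
    FILE *fp;
    int ok = 0;

    if (len >= sizeof buf || (fp = tmpfile()) == NULL)
        return 0;
    if (write_ical(fp, ical) == (long)len) {
        rewind(fp);
        if (fread(buf, 1, len, fp) == len)
            ok = (fgetc(fp) == EOF) && memcmp(buf, ical, len) == 0;
    }
    fclose(fp);
    return ok;
}

int main(void)
{
    int writes;
    int n = count_format_directives(ICAL_SAMPLE, &writes);
    printf("directives in sample: %d (of which %%n writes: %d)\n", n, writes);
    printf("round trip via \"%%s\" intact: %s\n",
           ical_roundtrip_intact(ICAL_SAMPLE) ? "yes" : "no");
    return 0;
}
```

The scanner is an audit aid for data that is about to be handed to a format function, not a substitute for fixing the call; the compiler already catches the pattern in the hunks above, since gcc's -Wformat-security warns whenever a printf-family function receives a non-literal format and no further arguments, which is exactly the `fprintf (file, ical_string)` shape.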