*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: evolution References: SA29057 (http://secunia.com/advisories/29057/) Quoting: "Secunia Research has discovered a vulnerability in Evolution, which can be exploited by malicious people to compromise a vulnerable system. A format string error in the "emf_multipart_encrypted()" function in mail/em-format.c when displaying data (i.e. the "Version:" field) from an encrypted e-mail message can be exploited to execute arbitrary code via a specially crafted e-mail message. Successful exploitation requires that the user selects a malicious e-mail message. The vulnerability is confirmed in version 2.12.3. Other versions may also be affected." ** Affects: evolution (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-0072 -- [evolution] [CVE-2008-0072] format string error, possible arbitrary code execution https://bugs.launchpad.net/bugs/198742 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
