-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-4990 2008-06-06 04:05:24 --------------------------------------------------------------------------------
Name : evolution Product : Fedora 9 Version : 2.22.2 Release : 2.fc9 URL : http://www.gnome.org/projects/evolution/ Summary : GNOME's next-generation groupware suite Description : Evolution is the GNOME mailer, calendar, contact manager and communications tool. The components which make up Evolution are tightly integrated with one another and act as a seamless personal information-management tool. -------------------------------------------------------------------------------- Update Information: Fix two buffer overflows in iCalendar .ics file fromat support discovered and reported by Alin Rad Pop of the Secunia Research: CVE-2008-1108, CVE-2008-1109, SA30298 See referenced bugzilla bugs or Secunia advisories for further details: http://secunia.com/advisories/30298 http://secunia.com/secunia_research/2008-22/advisory/ http://secunia.com/secunia_research/2008-23/advisory/ -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 4 2008 Matthew Barnes <[EMAIL PROTECTED]> - 2.22.2-2.fc9 - Add patches for RH bug #449924 (buffer overflow vulnerabilities). * Mon May 26 2008 Matthew Barnes <[EMAIL PROTECTED]> - 2.22.2-1.fc9 - Update to 2.22.2 * Fri May 2 2008 Matthew Barnes <[EMAIL PROTECTED]> - 2.22.1.1-1.fc9 - Update to 2.22.1.1 - Remove patch for RH bug #437208 (fixed upstream). - Remove patch for GNOME bug #524121 (fixed upstream). -------------------------------------------------------------------------------- References: [ 1 ] Bug #448540 - CVE-2008-1108 evolution: iCalendar buffer overflow via large timezone specification https://bugzilla.redhat.com/show_bug.cgi?id=448540 [ 2 ] Bug #448541 - CVE-2008-1109 evolution: iCalendar buffer overflow via large description parameter https://bugzilla.redhat.com/show_bug.cgi?id=448541 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update evolution' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce