evolution security update

CentOS Errata and Security Advisory CESA-2005:267

Evolution is the GNOME collection of personal information management (PIM)
tools.

A format string bug was found in Evolution. If a user tries to save a
carefully crafted meeting or appointment, arbitrary code may be executed as
the user running Evolution. The Common Vulnerabilities and Exposures
project has assigned the name CAN-2005-2550 to this issue.

Additionally, several other format string bugs were found in Evolution. If
a user views a malicious vCard, connects to a malicious LDAP server, or
displays a task list from a malicious remote server, arbitrary code may be
executed as the user running Evolution. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2005-2549 to this issue. Please
note that this issue only affects Red Hat Enterprise Linux 4.

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-August/074260.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074261.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074262.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074263.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074265.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074266.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074267.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074268.html
https://lists.centos.org/pipermail/centos-announce/2005-August/087017.html

Affected packages:
evolution
evolution-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2005:267