evolution -- several vulnerabilities

2007-06-29T00:00:00
ID DSA-1325
Type debian
Reporter Debian
Modified 2007-06-29T00:00:00

Description

Several remote vulnerabilities have been discovered in Evolution, a groupware suite with mail client and organizer. The Common Vulnerabilities and Exposures project identifies the following problems:

Ulf Härnhammar discovered that a format string vulnerability in the handling of shared calendars may allow the execution of arbitrary code.

It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code.

For the oldstable distribution (sarge) these problems have been fixed in version 2.0.4-2sarge2. Packages for hppa, mips and powerpc are not yet available. They will be provided later.

For the stable distribution (etch) these problems have been fixed in version 2.6.3-6etch1. Packages for mips are not yet available. They will be provided later.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your evolution packages.