-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 07 Jun 2008 03:14:04 +0000 Source: evolution Binary: evolution evolution-common evolution-dev evolution-dbg evolution-plugins evolution-plugins-experimental Architecture: source all i386 Version: 2.22.2-1.1 Distribution: unstable Urgency: high Maintainer: Debian Evolution Maintainers <[EMAIL PROTECTED]> Changed-By: Steffen Joeris <[EMAIL PROTECTED]> Description: evolution - groupware suite with mail client and organizer evolution-common - architecture independent files for Evolution evolution-dbg - debugging symbols for Evolution evolution-dev - development library files for Evolution evolution-plugins - standard plugins for Evolution evolution-plugins-experimental - experimental plugins for Evolution Closes: 484639 Changes: evolution (2.22.2-1.1) unstable; urgency=high . * Non-maintainer upload by the security team * Fix two buffer overflows and a possible DoS attack (Closes: 484639) - Use a Gstring instead of a fixed sized buffer to build the HTML string Fixes: CVE-2008-1108 - Avoid using a fixed sized buffer for parsing external data Fixes: CVE-2008-1109 - Add sanity checks to avoid remotely triggered DoS See http://bugzilla.gnome.org/show_bug.cgi?id=535459 Checksums-Sha1: a5d17537678366b3dd8d3195bff7e208613127f1 2824 evolution_2.22.2-1.1.dsc 1325d44d5aa792098ab45026e2cd5278f01c4899 29525 evolution_2.22.2-1.1.diff.gz e3ea5809bd7fed28e4944e7081af9203f03f002e 58463002 evolution-common_2.22.2-1.1_all.deb d0b381fd6e4cbaf85e5e895ee985f78247c575ee 2750302 evolution_2.22.2-1.1_i386.deb 71108b8c8ee68bc884da86868ce646d59f18989a 250076 evolution-dev_2.22.2-1.1_i386.deb f9e923eb6cd9ce39ef10480de239a3ad7aa947dd 6998964 evolution-dbg_2.22.2-1.1_i386.deb bfe12a24dca6b70e1acbb9452526748e1d2e959f 174684 evolution-plugins_2.22.2-1.1_i386.deb 29aeda3c502bc48c828126132d0cbafa92599458 132028 evolution-plugins-experimental_2.22.2-1.1_i386.deb Checksums-Sha256: 6e937cda5003412b8fc99331b8a389a272224aaf7cd4257ebc6cacc88db950eb 2824 evolution_2.22.2-1.1.dsc 0daefd6d775d8dfba7d26ed33e87a5fd76b50351cc46df8bb052dfe0ad188af1 29525 evolution_2.22.2-1.1.diff.gz c8e5d7c9ec8875f0be1854d74526ffea2110c62e51654d15bdd0d2a95b490c1b 58463002 evolution-common_2.22.2-1.1_all.deb 03c205873d8493442475549eeee029246542822aafdb500294365fd1e5993b76 2750302 evolution_2.22.2-1.1_i386.deb 6db40478ece991f4a7e7ce7316ab42bbd127c657210aa727e067cd022efa0351 250076 evolution-dev_2.22.2-1.1_i386.deb 626465918ea31e4b6037ff9e14ff30898ed8e67fc62f0d8d24f503f82640d6ed 6998964 evolution-dbg_2.22.2-1.1_i386.deb 60208e69a08f61d9a90d951490f6a0893c0c7130462b73c0e71d06e01b843954 174684 evolution-plugins_2.22.2-1.1_i386.deb 9cd4d67fa67431809ffbc6764d19570a3e28c0c31ed4b99d525b748ad460c92d 132028 evolution-plugins-experimental_2.22.2-1.1_i386.deb Files: 518abe2c475209ec4069dd7d6a039018 2824 gnome optional evolution_2.22.2-1.1.dsc 1ce700c6f6dfd20200c5a1a74e326e62 29525 gnome optional evolution_2.22.2-1.1.diff.gz c50d712bf0a3cb048c65ac2fb50a61e1 58463002 gnome optional evolution-common_2.22.2-1.1_all.deb d150ba4eac8138917c416f16f8a66421 2750302 gnome optional evolution_2.22.2-1.1_i386.deb c1e4fe41fe4422fb6b3cdd48da247d1e 250076 devel optional evolution-dev_2.22.2-1.1_i386.deb 46bef6fe9cdc606fb4181709f95c81ee 6998964 gnome extra evolution-dbg_2.22.2-1.1_i386.deb 5f95593504cd32cff086d8663e4f8fca 174684 gnome optional evolution-plugins_2.22.2-1.1_i386.deb e44c6fe3a0d2ae7d27fa19b441a25cb2 132028 gnome optional evolution-plugins-experimental_2.22.2-1.1_i386.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkhKDhIACgkQ62zWxYk/rQcu4gCgmqZqlDvaW0YkgRHb0PXOm5OD 2cMAn2LQOwyGf8biKlAgO2sEd2vOai7I =5jtF -----END PGP SIGNATURE----- Accepted: evolution-common_2.22.2-1.1_all.deb to pool/main/e/evolution/evolution-common_2.22.2-1.1_all.deb evolution-dbg_2.22.2-1.1_i386.deb to pool/main/e/evolution/evolution-dbg_2.22.2-1.1_i386.deb evolution-dev_2.22.2-1.1_i386.deb to pool/main/e/evolution/evolution-dev_2.22.2-1.1_i386.deb evolution-plugins-experimental_2.22.2-1.1_i386.deb to pool/main/e/evolution/evolution-plugins-experimental_2.22.2-1.1_i386.deb evolution-plugins_2.22.2-1.1_i386.deb to pool/main/e/evolution/evolution-plugins_2.22.2-1.1_i386.deb evolution_2.22.2-1.1.diff.gz to pool/main/e/evolution/evolution_2.22.2-1.1.diff.gz evolution_2.22.2-1.1.dsc to pool/main/e/evolution/evolution_2.22.2-1.1.dsc evolution_2.22.2-1.1_i386.deb to pool/main/e/evolution/evolution_2.22.2-1.1_i386.deb -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]