-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2290 2008-03-06 16:13:01 --------------------------------------------------------------------------------
Name : evolution Product : Fedora 7 Version : 2.10.3 Release : 8.fc7 URL : http://www.gnome.org/projects/evolution/ Summary : GNOME's next-generation groupware suite Description : Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool. -------------------------------------------------------------------------------- Update Information: Ulf Härnhammar of Secunia Research discovered a format string flaw in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2008 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.3-8.fc7 - Add patch for CVE-2008-0072 (format string vulnerability). * Sat Nov 3 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.3-7.fc7 - Add patch for RH bug #249640 (todo conduit crash). * Wed Oct 31 2007 Dan Williams <[EMAIL PROTECTED]> - 2.10.3-6.fc7 - Backport fix for GNOME bug #239441 * Thu Aug 30 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.3-5.fc7 - Revise patch for GNOME bug #417999 to fix GNOME bug #447591 (Automatic Contacts combo boxes don't work). * Wed Aug 29 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.3-4.fc7 - Revise patch for GNOME bug #362638 to fix GNOME bug #357175 (Evolution fails to close after IMAP alert has been displayed). * Fri Jul 27 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.3-3.fc7 - Add patch for GNOME bug #380534 (clarify version requirements). * Sat Jul 14 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.3-2.fc7 - Revise patch for GNOME bug #362638 to fix RH bug #245695 (crash on alert). * Mon Jul 2 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.3-1.fc7 - Update to 2.10.3 * Wed Jun 27 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.2-3.fc7 - Revise patch for GNOME bug #362638 to fix RH bug #245289 (frequent hangs). * Wed Jun 6 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.2-2.fc7 - Revise patch for GNOME bug #362638 to fix RH bug #240507 (hang on exit). * Mon May 28 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.2-1.fc7 - Update to 2.10.2 - Remove patch for RH bug #202289 (fixed upstream). - Remove patch for RH bug #235878 (fixed upstream). - Remove patch for RH bug #238551 (fixed upstream). * Wed May 16 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.1-17.fc7 - Revise patch for GNOME bug #362638 to fix RH bug #237206 (certificate prompt causes crash, again). * Tue May 15 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.1-16.fc7 - Add patch for RH bug #240147 (Send/Receive dialog layout). * Mon May 14 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.1-15.fc7 - Revise patch for RH bug #236860 to match upstream's solution. * Mon May 14 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.1-14.fc7 - Revise patch for RH bug #238155 (crash on startup). * Mon May 7 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.1-13.fc7 - Add patch for RH bug #238155 (crash on startup). * Tue May 1 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.1-12.fc7 - Add patch for RH bug #238551 (incorrect attachment count). * Tue May 1 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.1-10.fc7 - Revise patch for GNOME bug #363695 to fix RH bug #238497 (crash sorting "To" column). * Mon Apr 30 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.1-9.fc7 - Revise some patches so that we don't have to run autoreconf. - Remove patch for GNOME bug #427939 (use a different work-around). * Fri Apr 27 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.1-8.fc7 - Add patch for RH bug #236399 (en_CA attribution format). * Mon Apr 23 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.1-7.fc7 - Remove the welcome email from [EMAIL PROTECTED] (bug #179427). * Sun Apr 22 2007 Matthew Barnes <[EMAIL PROTECTED]> - 2.10.1-6.fc7 - Add patch for RH bug #236860 (launching from clock applet). * Sat Apr 21 2007 Matthias Clasen <[EMAIL PROTECTED]> - 2.10.1-5 - Don't install INSTALL -------------------------------------------------------------------------------- References: [ 1 ] Bug #435759 - CVE-2008-0072 Evolution format string flaw https://bugzilla.redhat.com/show_bug.cgi?id=435759 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update evolution' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce