Bug 194108

Summary: CVE-2006-2789 Evolution DoS
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: evolutionAssignee: Matthew Barnes <mbarnes>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20050704,reported=20060603,source=cve
Fixed In Version: Evolution 2.4.x Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-31 15:02:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2006-06-05 20:16:25 UTC 
Text taken from the CVE id.

Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if
sender in addressbook" is enabled, allows remote attackers to cause a
denial of service (persistent crash) via a crafted "From" header that
triggers an assert error in camel-internet-address.c when a null
pointer is used.
Comment 1 Christian Iseli 2007-01-22 10:50:03 UTC 
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.
Comment 2 Matthew Barnes 2007-08-31 14:49:55 UTC 
Josh, any idea if this is still relevant in F7 or Rawhide?

I didn't see any ChangeLog entries mentioning the issue directly, but there's
been a lot of improvements to Camel since June 2006.
Comment 3 Matthew Barnes 2007-08-31 14:55:20 UTC 
This was originally filed against FC4.  Moving to "devel" until I can determine
its current status.
Comment 4 Matthew Barnes 2007-08-31 15:02:56 UTC 
This CVE was fixed in Evolution 2.4.x.  Closing.