Bug 165236 - CAN-2005-2550 Sitic Vulnerability Advisory: SA05-001 Evolution multiple remote format string bugs (RHEL3)
Summary: CAN-2005-2550 Sitic Vulnerability Advisory: SA05-001 Evolution multiple remot...
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: evolution   
(Show other bugs)
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Dave Malcolm
QA Contact:
Whiteboard: impact=important,source=gnome,reporte...
Keywords: Security
Depends On: 165235
TreeView+ depends on / blocked
Reported: 2005-08-05 18:38 UTC by Dave Malcolm
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version: RHSA-2005-267
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-08-29 18:29:56 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proposed patch to 1.4.5 to fix format strings in calendar code (1019 bytes, patch)
2005-08-11 01:14 UTC, Dave Malcolm
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:267 high SHIPPED_LIVE Important: Evolution security update 2005-08-29 04:00:00 UTC

Description Dave Malcolm 2005-08-05 18:38:59 UTC
+++ This bug was initially created as a clone of Bug #165235 +++

(don't yet know if this affects RHEL3)

Comment 1 Dave Malcolm 2005-08-05 20:42:54 UTC
From versions given in description (see bug 165235) would appear not to affect
RHEL3.  Haven't checked yet though.

Comment 2 Dave Malcolm 2005-08-11 00:49:47 UTC
It appears that at least part of the advisory may cover Evolution 1.4 and hence
RHEL3, and that there may be other similar vulnerabilities in RHEL3 (but not
RHEL4) that were not covered in Sitic's advisory.

The details: looking at their proposed patch:

calendar/gui/e-cal-component-preview.c: source file doesn't exist on RHEL3
evolution, appears to be no equivalent: OK

addressbook/gui/widgets/eab-contact-display.c: doesn't exist on RHEL3 evolution: OK

addressbook/gui/widgets directory: No usage of gtk_html_stream_printf: OK

calendar/gui/e-calendar-view.c: source file doesn't exist on RHEL3 evolution,
appears to be no equivalent: OK

calendar/gui/e-calendar-table.c: vulnerability appears to be relevant for RHEL3
Evolution, contradicting what is said in the advisory.  BAD

calendar/gui directory: Have checked all usages of gtk_html_stream_printf: all
use constant hardcoded format strings.
Checking usage of fprintf: appear to be problems in saving views:
calendar/gui/e-day-view.c: e_day_view_on_save_as
calendar/gui/e-week-view.c: e_week_view_on_save_as
both contain an: fprintf (file, ical_string);

These fprintfs are not present in the RHEL4 version.

Comment 3 Dave Malcolm 2005-08-11 00:51:49 UTC
I didn't see that Security had been unflagged, and that last comment got sent to

Sorry.  Have rechecked the Security Sensitive box.

Comment 4 Dave Malcolm 2005-08-11 01:05:43 UTC
See above two comments

Comment 5 Dave Malcolm 2005-08-11 01:14:30 UTC
Created attachment 117632 [details]
Proposed patch to 1.4.5 to fix format strings in calendar code

Comment 8 Red Hat Bugzilla 2005-08-29 18:29:56 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.