194108 – CVE-2006-2789 Evolution DoS

Bug 194108 - CVE-2006-2789 Evolution DoS

Summary: CVE-2006-2789 Evolution DoS

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	evolution
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Matthew Barnes
QA Contact:
Docs Contact:
URL:
Whiteboard:	impact=moderate,public=20050704,repor...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-06-05 20:16 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:	Evolution 2.4.x
Clone Of:
Environment:
Last Closed:	2007-08-31 15:02:56 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2006-06-05 20:16:25 UTC

Text taken from the CVE id.

Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if
sender in addressbook" is enabled, allows remote attackers to cause a
denial of service (persistent crash) via a crafted "From" header that
triggers an assert error in camel-internet-address.c when a null
pointer is used.

Comment 1 Christian Iseli 2007-01-22 10:50:03 UTC

This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.

Comment 2 Matthew Barnes 2007-08-31 14:49:55 UTC

Josh, any idea if this is still relevant in F7 or Rawhide?

I didn't see any ChangeLog entries mentioning the issue directly, but there's
been a lot of improvements to Camel since June 2006.

Comment 3 Matthew Barnes 2007-08-31 14:55:20 UTC

This was originally filed against FC4.  Moving to "devel" until I can determine
its current status.

Comment 4 Matthew Barnes 2007-08-31 15:02:56 UTC

This CVE was fixed in Evolution 2.4.x.  Closing.

Note You need to log in before you can comment on or make changes to this bug.