Text taken from the CVE id. Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.
This report targets the FC3 or FC4 products, which have now been EOL'd. Could you please check that it still applies to a current Fedora release, and either update the target product or close it ? Thanks.
Josh, any idea if this is still relevant in F7 or Rawhide? I didn't see any ChangeLog entries mentioning the issue directly, but there's been a lot of improvements to Camel since June 2006.
This was originally filed against FC4. Moving to "devel" until I can determine its current status.
This CVE was fixed in Evolution 2.4.x. Closing.