Bug 194108 - CVE-2006-2789 Evolution DoS
Summary: CVE-2006-2789 Evolution DoS
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: evolution
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Matthew Barnes
QA Contact:
URL:
Whiteboard: impact=moderate,public=20050704,repor...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-06-05 20:16 UTC by Josh Bressers
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: Evolution 2.4.x
Clone Of:
Environment:
Last Closed: 2007-08-31 15:02:56 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Josh Bressers 2006-06-05 20:16:25 UTC
Text taken from the CVE id.

Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if
sender in addressbook" is enabled, allows remote attackers to cause a
denial of service (persistent crash) via a crafted "From" header that
triggers an assert error in camel-internet-address.c when a null
pointer is used.

Comment 1 Christian Iseli 2007-01-22 10:50:03 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.

Comment 2 Matthew Barnes 2007-08-31 14:49:55 UTC
Josh, any idea if this is still relevant in F7 or Rawhide?

I didn't see any ChangeLog entries mentioning the issue directly, but there's
been a lot of improvements to Camel since June 2006.

Comment 3 Matthew Barnes 2007-08-31 14:55:20 UTC
This was originally filed against FC4.  Moving to "devel" until I can determine
its current status.

Comment 4 Matthew Barnes 2007-08-31 15:02:56 UTC
This CVE was fixed in Evolution 2.4.x.  Closing.


Note You need to log in before you can comment on or make changes to this bug.