This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 194108 - CVE-2006-2789 Evolution DoS
CVE-2006-2789 Evolution DoS
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: evolution (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Matthew Barnes
impact=moderate,public=20050704,repor...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-05 16:16 EDT by Josh Bressers
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: Evolution 2.4.x
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-31 11:02:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2006-06-05 16:16:25 EDT
Text taken from the CVE id.

Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if
sender in addressbook" is enabled, allows remote attackers to cause a
denial of service (persistent crash) via a crafted "From" header that
triggers an assert error in camel-internet-address.c when a null
pointer is used.
Comment 1 Christian Iseli 2007-01-22 05:50:03 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.
Comment 2 Matthew Barnes 2007-08-31 10:49:55 EDT
Josh, any idea if this is still relevant in F7 or Rawhide?

I didn't see any ChangeLog entries mentioning the issue directly, but there's
been a lot of improvements to Camel since June 2006.
Comment 3 Matthew Barnes 2007-08-31 10:55:20 EDT
This was originally filed against FC4.  Moving to "devel" until I can determine
its current status.
Comment 4 Matthew Barnes 2007-08-31 11:02:56 EDT
This CVE was fixed in Evolution 2.4.x.  Closing.

Note You need to log in before you can comment on or make changes to this bug.