A heap buffer over-read vulnerability was found in libical 0.47 in the icaltime_from_string function, caused by passing malformed input to the icalparser_parse_string function.
Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
CVE assignment: http://seclists.org/oss-sec/2016/q2/604
Created thunderbird tracking bugs for this issue:
Affects: fedora-all [bug 1350483]
Created libical tracking bugs for this issue:
Affects: fedora-all [bug 1350482]
Affects: epel-5 [bug 1350484]
(In reply to Adam Mariš from comment #0)
> Upstream bugs (not public yet):
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1280832
> https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
> https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
I cannot open any of those bug reports right now. Is there any patch for libical, or anything useful?