Viewing all changes in revision 27.
- Committer: Bazaar Package Importer
- Date: 2008-06-05 07:46:48 UTC
- Revision ID: james.westby@ubuntu.com-20080605074648-c08wtwf64dl3tti4
* SECURITY UPDATE: buffer overflow via timezone data in crafted ical
attachments
* debian/patches/99_01_CVE-2008-1108.patch: adjust
calendar/gui/e-itip-control.c to use a GString rather than a fixed-size
buffer to build the HTML string to avoid the possibility of an overflow.
* SECURITY UPDATE: heap-based overflow via crafted ical attachments with
long DESCRIPTION
* debian/patches/99_02_CVE-2008-1109.patch: adjust calendar/gui/itip-utils.c
to not use a fixed-size buffer for parsing external data. Simplify the
logic to just split and rejoin the string with a different line separator.
* SECURITY UPDATE: remotely triggered denial of service
* debian/patches/99_03_bug535459.patch: add sanity checks and don't use
component when checks fail in plugins/itip-formatter.c, gui/itip-utils.h,
gui/itip-utils.c, gui/e-itip-control.c
* References
CVE-2008-1108
CVE-2008-1109
http://bugzilla.gnome.org/show_bug.cgi?id=535459
attachments
* debian/patches/99_01_CVE-2008-1108.patch: adjust
calendar/gui/e-itip-control.c to use a GString rather than a fixed-size
buffer to build the HTML string to avoid the possibility of an overflow.
* SECURITY UPDATE: heap-based overflow via crafted ical attachments with
long DESCRIPTION
* debian/patches/99_02_CVE-2008-1109.patch: adjust calendar/gui/itip-utils.c
to not use a fixed-size buffer for parsing external data. Simplify the
logic to just split and rejoin the string with a different line separator.
* SECURITY UPDATE: remotely triggered denial of service
* debian/patches/99_03_bug535459.patch: add sanity checks and don't use
component when checks fail in plugins/itip-formatter.c, gui/itip-utils.h,
gui/itip-utils.c, gui/e-itip-control.c
* References
CVE-2008-1108
CVE-2008-1109
http://bugzilla.gnome.org/show_bug.cgi?id=535459
expand all
collapse all
added
removed
