Date: Fri, 21 Mar 2003 14:29:44 -0500 From: Christopher Nehren <apeiron@comcast.net> To: security@freebsd.org Subject: [Fwd: GLSA: evolution (200303-18)] Message-ID: <1048274983.13593.29.camel@prophecy.dyndns.org>
next in thread | raw e-mail | index | archive | help
--=-qfIE1ZQzjr+cfQQCf13v Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Not released by the FreeBSD team, but AFAIK the version in ports is also vulnerable.=20 -----Forwarded Message----- > From: Daniel Ahlberg <aliz@gentoo.org> > To: bugtraq@securityfocus.com > Subject: GLSA: evolution (200303-18) > Date: 21 Mar 2003 17:02:15 +0100 >=20 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >=20 > - - --------------------------------------------------------------------- > GENTOO LINUX SECURITY ANNOUNCEMENT 200303-18 > - - --------------------------------------------------------------------- >=20 > PACKAGE : evolution > SUMMARY : multiple vulnerabilities > DATE : 2003-03-21 16:02 UTC > EXPLOIT : remote > VERSIONS AFFECTED : <1.2.3 > FIXED VERSION : >=3D1.2.3 > CVE : CAN-2003-0128 CAN-2003-0129 CAN-2003-0130 >=20 > - - --------------------------------------------------------------------- >=20 > - From advisory: >=20 > "Three vulnerabilities were found that could lead to various forms of=20 > exploitation ranging from denying to users the ability to read email,=20 > provoke system unstability, bypassing security context checks for=20 > email content and possibly execution of arbitrary commands on=20 > vulnerable systems." >=20 > Read the full advisory at: > http://www.coresecurity.com/common/showdoc.php?idx=3D309&idxseccion=3D10 >=20 > SOLUTION >=20 > It is recommended that all Gentoo Linux users who are running > net-mail/evolution upgrade to evolution-1.2.3 as follows: >=20 > emerge sync > emerge evolution > emerge clean >=20 > - - --------------------------------------------------------------------- > aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz > - - --------------------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) >=20 > iD8DBQE+ezeDfT7nyhUpoZMRAqgFAKCMJiPWrcXzncBhgk1/lQ6F1qvdPwCff0L8 > puU/UmXZptBvDuVLe66YBNg=3D > =3D7I0C > -----END PGP SIGNATURE----- --=-qfIE1ZQzjr+cfQQCf13v Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQA+e2gnUdqurN0fljsRAu5MAKCQsCuxDiQsv/lBab6vGtcKQ7qz4QCgl5+t ViLV9ny1Ie0rkIo0ga5y4lY= =Ptgt -----END PGP SIGNATURE----- --=-qfIE1ZQzjr+cfQQCf13v-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1048274983.13593.29.camel>