Date: Fri, 21 Mar 2003 14:29:44 -0500 From: Christopher Nehren <apeiron@comcast.net> To: security@freebsd.org Subject: [Fwd: GLSA: evolution (200303-18)] Message-ID: <1048274983.13593.29.camel@prophecy.dyndns.org>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Not released by the FreeBSD team, but AFAIK the version in ports is also vulnerable. -----Forwarded Message----- > From: Daniel Ahlberg <aliz@gentoo.org> > To: bugtraq@securityfocus.com > Subject: GLSA: evolution (200303-18) > Date: 21 Mar 2003 17:02:15 +0100 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - - --------------------------------------------------------------------- > GENTOO LINUX SECURITY ANNOUNCEMENT 200303-18 > - - --------------------------------------------------------------------- > > PACKAGE : evolution > SUMMARY : multiple vulnerabilities > DATE : 2003-03-21 16:02 UTC > EXPLOIT : remote > VERSIONS AFFECTED : <1.2.3 > FIXED VERSION : >=1.2.3 > CVE : CAN-2003-0128 CAN-2003-0129 CAN-2003-0130 > > - - --------------------------------------------------------------------- > > - From advisory: > > "Three vulnerabilities were found that could lead to various forms of > exploitation ranging from denying to users the ability to read email, > provoke system unstability, bypassing security context checks for > email content and possibly execution of arbitrary commands on > vulnerable systems." > > Read the full advisory at: > http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10 > > SOLUTION > > It is recommended that all Gentoo Linux users who are running > net-mail/evolution upgrade to evolution-1.2.3 as follows: > > emerge sync > emerge evolution > emerge clean > > - - --------------------------------------------------------------------- > aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz > - - --------------------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQE+ezeDfT7nyhUpoZMRAqgFAKCMJiPWrcXzncBhgk1/lQ6F1qvdPwCff0L8 > puU/UmXZptBvDuVLe66YBNg= > =7I0C > -----END PGP SIGNATURE----- [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQA+e2gnUdqurN0fljsRAu5MAKCQsCuxDiQsv/lBab6vGtcKQ7qz4QCgl5+t ViLV9ny1Ie0rkIo0ga5y4lY= =Ptgt -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1048274983.13593.29.camel>