From owner-freebsd-gnome@FreeBSD.ORG Tue Jan 25 00:57:42 2005 Return-Path: Delivered-To: freebsd-gnome@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EAB3416A4CE for ; Tue, 25 Jan 2005 00:57:42 +0000 (GMT) Received: from zaphod.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90AB643D45 for ; Tue, 25 Jan 2005 00:57:42 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 82E9411E11; Tue, 25 Jan 2005 01:57:41 +0100 (CET) Date: Tue, 25 Jan 2005 01:57:41 +0100 From: "Simon L. Nielsen" To: gnome@FreeBSD.org Message-ID: <20050125005740.GB815@zaphod.nitro.dk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="hYooF8G/hrfVAmum" Content-Disposition: inline User-Agent: Mutt/1.5.6i Subject: Security vulnerability in evolution X-BeenThere: freebsd-gnome@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: GNOME for FreeBSD -- porting and maintaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 00:57:43 -0000 --hYooF8G/hrfVAmum Content-Type: multipart/mixed; boundary="JYK4vJDZwFMowpUq" Content-Disposition: inline --JYK4vJDZwFMowpUq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello evolution maintainers As recently documented in the FreeBSD VuXML document [1] there is a security vulnerability in evolution. A patch, obtained from Debian Linux, is attached or an upstream version can be found at [2] (I don't know which patch is "best"). Please update the port as soon as possible. Thanks in advance. [1] http://vuxml.FreeBSD.org/b8943e61-6e68-11d9-a9e7-0001020eed82.html [2] http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=3D= 1.7&view=3Dlog#rev1.5.74.1 --=20 Simon L. Nielsen FreeBSD Security Team --JYK4vJDZwFMowpUq Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=security_CAN-2005-0102 --- evolution-1.0.5.orig/camel/camel-lock-helper.c 2001-10-27 18:59:27.000000000 +0200 +++ evolution-1.0.5/camel/camel-lock-helper.c 2005-01-21 16:57:44.000000000 +0100 @@ -360,6 +360,8 @@ int main(int argc, char **argv) switch(msg.id) { case CAMEL_LOCK_HELPER_LOCK: res = CAMEL_LOCK_HELPER_STATUS_NOMEM; + if (msg.data+1 < msg.data) + break; path = malloc(msg.data+1); if (path != NULL) { res = CAMEL_LOCK_HELPER_STATUS_PROTOCOL; --JYK4vJDZwFMowpUq-- --hYooF8G/hrfVAmum Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFB9ZmEh9pcDSc1mlERAhBfAKC3YW7PcpHhGG02/Z3mug6fGb0rWgCfUeB+ RbBSjCQa/Vmjktd3VwSjxrA= =XEuv -----END PGP SIGNATURE----- --hYooF8G/hrfVAmum--