FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b8943e61-6e68-11d9-a9e7-0001020eed82evolution -- arbitrary code execution vulnerability

Martin Joey Schulze reports:

Max Vozeler discovered an integer overflow in the helper application camel-lock-helper which runs setuid root or setgid mail inside of Evolution, a free groupware suite. A local attacker can cause the setuid root helper to execute arbitrary code with elevated privileges via a malicious POP server.


Discovery 2005-01-20
Entry 2005-01-25
Modified 2005-02-02
evolution
< 2.0.3_1

12354
CVE-2005-0102
http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&view=log#rev1.5.74.1
e5afdf63-1746-11da-978e-0001020eed82evolution -- remote format string vulnerabilities

A SITIC Vulnerability Advisory reports:

Evolution suffers from several format string bugs when handling data from remote sources. These bugs lead to crashes or the execution of arbitrary assembly language code.

  1. The first format string bug occurs when viewing the full vCard data attached to an e-mail message.
  2. The second format string bug occurs when displaying contact data from remote LDAP servers.
  3. The third format string bug occurs when displaying task list data from remote servers.
  4. The fourth, and least serious, format string bug occurs when the user goes to the Calendars tab to save task list data that is vulnerable to problem 3 above. Other calendar entries that do not come from task lists are also affected.

Discovery 2005-08-10
Entry 2005-08-27
Modified 2006-03-24
evolution
gt 1.5 lt 2.2.3_1

14532
CVE-2005-2549
CVE-2005-2550
http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html