FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-15 13:57:56 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e5afdf63-1746-11da-978e-0001020eed82	evolution -- remote format string vulnerabilities A SITIC Vulnerability Advisory reports: Evolution suffers from several format string bugs when handling data from remote sources. These bugs lead to crashes or the execution of arbitrary assembly language code. The first format string bug occurs when viewing the full vCard data attached to an e-mail message. The second format string bug occurs when displaying contact data from remote LDAP servers. The third format string bug occurs when displaying task list data from remote servers. The fourth, and least serious, format string bug occurs when the user goes to the Calendars tab to save task list data that is vulnerable to problem 3 above. Other calendar entries that do not come from task lists are also affected. Discovery 2005-08-10 Entry 2005-08-27 Modified 2006-03-24 evolution > 1.5 lt 2.2.3_1 14532 CVE-2005-2549 CVE-2005-2550 http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html
b8943e61-6e68-11d9-a9e7-0001020eed82	evolution -- arbitrary code execution vulnerability Martin Joey Schulze reports: Max Vozeler discovered an integer overflow in the helper application camel-lock-helper which runs setuid root or setgid mail inside of Evolution, a free groupware suite. A local attacker can cause the setuid root helper to execute arbitrary code with elevated privileges via a malicious POP server. Discovery 2005-01-20 Entry 2005-01-25 Modified 2005-02-02 evolution < 2.0.3_1 12354 CVE-2005-0102 http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&view=log#rev1.5.74.1

VuXML ID

Description

e5afdf63-1746-11da-978e-0001020eed82

evolution -- remote format string vulnerabilities

A SITIC Vulnerability Advisory reports:

Evolution suffers from several format string bugs when handling data from remote sources. These bugs lead to crashes or the execution of arbitrary assembly language code.

The first format string bug occurs when viewing the full vCard data attached to an e-mail message.

The second format string bug occurs when displaying contact data from remote LDAP servers.

The third format string bug occurs when displaying task list data from remote servers.

The fourth, and least serious, format string bug occurs when the user goes to the Calendars tab to save task list data that is vulnerable to problem 3 above. Other calendar entries that do not come from task lists are also affected.

Discovery 2005-08-10
Entry 2005-08-27
Modified 2006-03-24
evolution

> 1.5 lt 2.2.3_1

14532
CVE-2005-2549
CVE-2005-2550
http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html

b8943e61-6e68-11d9-a9e7-0001020eed82

evolution -- arbitrary code execution vulnerability

Martin Joey Schulze reports:

Max Vozeler discovered an integer overflow in the helper application camel-lock-helper which runs setuid root or setgid mail inside of Evolution, a free groupware suite. A local attacker can cause the setuid root helper to execute arbitrary code with elevated privileges via a malicious POP server.

Discovery 2005-01-20
Entry 2005-01-25
Modified 2005-02-02
evolution

< 2.0.3_1

12354
CVE-2005-0102
http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&view=log#rev1.5.74.1