Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-1109 (GCVE-0-2008-1109)
Vulnerability from cvelistv5 – Published: 2008-06-04 20:00 – Updated: 2024-08-07 08:08
VLAI?
EPSS
Summary
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2008-5018",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html"
},
{
"name": "ADV-2008-1732",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1732/references"
},
{
"name": "30298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30298"
},
{
"name": "FEDORA-2008-5016",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html"
},
{
"name": "30564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30564"
},
{
"name": "SUSE-SA:2008:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html"
},
{
"name": "RHSA-2008:0515",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0515.html"
},
{
"name": "GLSA-200806-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200806-06.xml"
},
{
"name": "30571",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30571"
},
{
"name": "FEDORA-2008-4990",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html"
},
{
"name": "evolution-icalendar-description-bo(42826)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826"
},
{
"name": "1020170",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020170"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-23/advisory/"
},
{
"name": "RHSA-2008:0514",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0514.html"
},
{
"name": "30716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30716"
},
{
"name": "30527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30527"
},
{
"name": "29527",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29527"
},
{
"name": "30702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30702"
},
{
"name": "MDVSA-2008:111",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111"
},
{
"name": "oval:org.mitre.oval:def:10337",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337"
},
{
"name": "USN-615-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-615-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "FEDORA-2008-5018",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html"
},
{
"name": "ADV-2008-1732",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1732/references"
},
{
"name": "30298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30298"
},
{
"name": "FEDORA-2008-5016",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html"
},
{
"name": "30564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30564"
},
{
"name": "SUSE-SA:2008:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html"
},
{
"name": "RHSA-2008:0515",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0515.html"
},
{
"name": "GLSA-200806-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200806-06.xml"
},
{
"name": "30571",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30571"
},
{
"name": "FEDORA-2008-4990",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html"
},
{
"name": "evolution-icalendar-description-bo(42826)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826"
},
{
"name": "1020170",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020170"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-23/advisory/"
},
{
"name": "RHSA-2008:0514",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0514.html"
},
{
"name": "30716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30716"
},
{
"name": "30527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30527"
},
{
"name": "29527",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29527"
},
{
"name": "30702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30702"
},
{
"name": "MDVSA-2008:111",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111"
},
{
"name": "oval:org.mitre.oval:def:10337",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337"
},
{
"name": "USN-615-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-615-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-1109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-5018",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html"
},
{
"name": "ADV-2008-1732",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1732/references"
},
{
"name": "30298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30298"
},
{
"name": "FEDORA-2008-5016",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html"
},
{
"name": "30564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30564"
},
{
"name": "SUSE-SA:2008:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html"
},
{
"name": "RHSA-2008:0515",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0515.html"
},
{
"name": "GLSA-200806-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200806-06.xml"
},
{
"name": "30571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30571"
},
{
"name": "FEDORA-2008-4990",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html"
},
{
"name": "evolution-icalendar-description-bo(42826)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826"
},
{
"name": "1020170",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020170"
},
{
"name": "http://secunia.com/secunia_research/2008-23/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-23/advisory/"
},
{
"name": "RHSA-2008:0514",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0514.html"
},
{
"name": "30716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30716"
},
{
"name": "30527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30527"
},
{
"name": "29527",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29527"
},
{
"name": "30702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30702"
},
{
"name": "MDVSA-2008:111",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111"
},
{
"name": "oval:org.mitre.oval:def:10337",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337"
},
{
"name": "USN-615-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-615-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-1109",
"datePublished": "2008-06-04T20:00:00",
"dateReserved": "2008-02-29T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:evolution:2.22.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFFCC802-9313-4B56-97A8-9A18F04799DE\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de B\\u00fafer basado en mont\\u00edculo en Evolution 2.22.1 permite a atacantes remotos asistidos por el usuario, ejecutar c\\u00f3digo arbitrariamente mediante una propiedad DESCRIPTION larga en un adjunto iCalendar, que no es gestionado correctamente durante una respuesta en la vista de calendario (tambi\\u00e9n conocida como ventana de Calendarios).\"}]",
"id": "CVE-2008-1109",
"lastModified": "2024-11-21T00:43:41.947",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2008-06-04T20:32:00.000",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/30298\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30527\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/30564\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/30571\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/30702\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/30716\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/secunia_research/2008-23/advisory/\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200806-06.xml\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:111\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0514.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0515.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.securityfocus.com/bid/29527\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.securitytracker.com/id?1020170\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-615-1\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1732/references\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42826\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30298\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30527\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30564\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30571\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30702\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30716\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/secunia_research/2008-23/advisory/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200806-06.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:111\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0514.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0515.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/29527\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1020170\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-615-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1732/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42826\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-1109\",\"sourceIdentifier\":\"PSIRT-CNA@flexerasoftware.com\",\"published\":\"2008-06-04T20:32:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de B\u00fafer basado en mont\u00edculo en Evolution 2.22.1 permite a atacantes remotos asistidos por el usuario, ejecutar c\u00f3digo arbitrariamente mediante una propiedad DESCRIPTION larga en un adjunto iCalendar, que no es gestionado correctamente durante una respuesta en la vista de calendario (tambi\u00e9n conocida como ventana de Calendarios).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:evolution:2.22.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFFCC802-9313-4B56-97A8-9A18F04799DE\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30298\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30527\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30564\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30571\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30702\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30716\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/secunia_research/2008-23/advisory/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200806-06.xml\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:111\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0514.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0515.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/bid/29527\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securitytracker.com/id?1020170\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.ubuntu.com/usn/usn-615-1\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1732/references\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42826\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30298\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30527\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30571\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30702\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/secunia_research/2008-23/advisory/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200806-06.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0514.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0515.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29527\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-615-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1732/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2008_0515
Vulnerability from csaf_redhat - Published: 2008-06-04 12:49 - Updated: 2024-11-22 02:03Summary
Red Hat Security Advisory: evolution28 security update
Notes
Topic
Updated evolution28 packages that address two buffer overflow
vulnerabilities are now available for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).
The particular response required to trigger this vulnerability was as
follows:
1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calender the meeting was in.
4. Reply to the sender.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.
All Evolution users should upgrade to these updated packages, which contain
backported patches which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated evolution28 packages that address two buffer overflow\nvulnerabilities are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Evolution is the integrated collection of e-mail, calendaring, contact\nmanagement, communications and personal information management (PIM) tools\nfor the GNOME desktop environment.\n\nA flaw was found in the way Evolution parsed iCalendar timezone attachment\ndata. If the Itip Formatter plug-in was disabled and a user opened a mail\nwith a carefully crafted iCalendar attachment, arbitrary code could be\nexecuted as the user running Evolution. (CVE-2008-1108)\n\nNote: the Itip Formatter plug-in, which allows calendar information\n(attachments with a MIME type of \"text/calendar\") to be displayed as part\nof the e-mail message, is enabled by default.\n\nA heap-based buffer overflow flaw was found in the way Evolution parsed\niCalendar attachments with an overly long \"DESCRIPTION\" property string. If\na user responded to a carefully crafted iCalendar attachment in a\nparticular way, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-1109).\n\nThe particular response required to trigger this vulnerability was as\nfollows:\n\n1. Receive the carefully crafted iCalendar attachment.\n2. Accept the associated meeting.\n3. Open the calender the meeting was in.\n4. Reply to the sender.\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\nresponsibly disclosing these issues.\n\nAll Evolution users should upgrade to these updated packages, which contain\nbackported patches which resolves these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0515",
"url": "https://access.redhat.com/errata/RHSA-2008:0515"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "448540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448540"
},
{
"category": "external",
"summary": "448541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448541"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0515.json"
}
],
"title": "Red Hat Security Advisory: evolution28 security update",
"tracking": {
"current_release_date": "2024-11-22T02:03:01+00:00",
"generator": {
"date": "2024-11-22T02:03:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2008:0515",
"initial_release_date": "2008-06-04T12:49:00+00:00",
"revision_history": [
{
"date": "2008-06-04T12:49:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-06-04T08:57:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:03:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.i386",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.i386",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.src",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.src",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.s390",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.src"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.src"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.src"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alin Rad Pop"
],
"organization": "Secunia Research"
}
],
"cve": "CVE-2008-1108",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2008-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "448540"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "evolution: iCalendar buffer overflow via large timezone specification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1108"
},
{
"category": "external",
"summary": "RHBZ#448540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448540"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1108"
}
],
"release_date": "2008-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-06-04T12:49:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0515"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "evolution: iCalendar buffer overflow via large timezone specification"
},
{
"acknowledgments": [
{
"names": [
"Alin Rad Pop"
],
"organization": "Secunia Research"
}
],
"cve": "CVE-2008-1109",
"discovery_date": "2008-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "448541"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "evolution: iCalendar buffer overflow via large description parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1109"
},
{
"category": "external",
"summary": "RHBZ#448541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1109",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1109"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1109",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1109"
}
],
"release_date": "2008-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-06-04T12:49:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0515"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "evolution: iCalendar buffer overflow via large description parameter"
}
]
}
RHSA-2008:0515
Vulnerability from csaf_redhat - Published: 2008-06-04 12:49 - Updated: 2025-11-21 17:33Summary
Red Hat Security Advisory: evolution28 security update
Notes
Topic
Updated evolution28 packages that address two buffer overflow
vulnerabilities are now available for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).
The particular response required to trigger this vulnerability was as
follows:
1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calender the meeting was in.
4. Reply to the sender.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.
All Evolution users should upgrade to these updated packages, which contain
backported patches which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated evolution28 packages that address two buffer overflow\nvulnerabilities are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Evolution is the integrated collection of e-mail, calendaring, contact\nmanagement, communications and personal information management (PIM) tools\nfor the GNOME desktop environment.\n\nA flaw was found in the way Evolution parsed iCalendar timezone attachment\ndata. If the Itip Formatter plug-in was disabled and a user opened a mail\nwith a carefully crafted iCalendar attachment, arbitrary code could be\nexecuted as the user running Evolution. (CVE-2008-1108)\n\nNote: the Itip Formatter plug-in, which allows calendar information\n(attachments with a MIME type of \"text/calendar\") to be displayed as part\nof the e-mail message, is enabled by default.\n\nA heap-based buffer overflow flaw was found in the way Evolution parsed\niCalendar attachments with an overly long \"DESCRIPTION\" property string. If\na user responded to a carefully crafted iCalendar attachment in a\nparticular way, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-1109).\n\nThe particular response required to trigger this vulnerability was as\nfollows:\n\n1. Receive the carefully crafted iCalendar attachment.\n2. Accept the associated meeting.\n3. Open the calender the meeting was in.\n4. Reply to the sender.\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\nresponsibly disclosing these issues.\n\nAll Evolution users should upgrade to these updated packages, which contain\nbackported patches which resolves these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0515",
"url": "https://access.redhat.com/errata/RHSA-2008:0515"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "448540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448540"
},
{
"category": "external",
"summary": "448541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448541"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0515.json"
}
],
"title": "Red Hat Security Advisory: evolution28 security update",
"tracking": {
"current_release_date": "2025-11-21T17:33:22+00:00",
"generator": {
"date": "2025-11-21T17:33:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2008:0515",
"initial_release_date": "2008-06-04T12:49:00+00:00",
"revision_history": [
{
"date": "2008-06-04T12:49:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-06-04T08:57:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:33:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.i386",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.i386",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.src",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.src",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"product": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"product_id": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"product": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"product_id": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "evolution28-0:2.8.0-53.el4_6.3.s390",
"product": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390",
"product_id": "evolution28-0:2.8.0-53.el4_6.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.src"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.src"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.src"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
},
"product_reference": "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alin Rad Pop"
],
"organization": "Secunia Research"
}
],
"cve": "CVE-2008-1108",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2008-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "448540"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "evolution: iCalendar buffer overflow via large timezone specification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1108"
},
{
"category": "external",
"summary": "RHBZ#448540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448540"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1108"
}
],
"release_date": "2008-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-06-04T12:49:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0515"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "evolution: iCalendar buffer overflow via large timezone specification"
},
{
"acknowledgments": [
{
"names": [
"Alin Rad Pop"
],
"organization": "Secunia Research"
}
],
"cve": "CVE-2008-1109",
"discovery_date": "2008-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "448541"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "evolution: iCalendar buffer overflow via large description parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1109"
},
{
"category": "external",
"summary": "RHBZ#448541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1109",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1109"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1109",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1109"
}
],
"release_date": "2008-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-06-04T12:49:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0515"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-0:2.8.0-53.el4_6.3.src",
"4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.src",
"4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-0:2.8.0-53.el4_6.3.src",
"4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-0:2.8.0-53.el4_6.3.src",
"4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x",
"4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "evolution: iCalendar buffer overflow via large description parameter"
}
]
}
RHSA-2008:0514
Vulnerability from csaf_redhat - Published: 2008-06-04 10:46 - Updated: 2025-11-21 17:33Summary
Red Hat Security Advisory: evolution security update
Notes
Topic
Updated evolution packages that fix two buffer overflow vulnerabilities are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).
The particular response required to trigger this vulnerability was as
follows:
1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calender the meeting was in.
4. Reply to the sender.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.
All Evolution users should upgrade to these updated packages, which contain
backported patches which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated evolution packages that fix two buffer overflow vulnerabilities are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Evolution is the integrated collection of e-mail, calendaring, contact\nmanagement, communications and personal information management (PIM) tools\nfor the GNOME desktop environment.\n\nA flaw was found in the way Evolution parsed iCalendar timezone attachment\ndata. If the Itip Formatter plug-in was disabled and a user opened a mail\nwith a carefully crafted iCalendar attachment, arbitrary code could be\nexecuted as the user running Evolution. (CVE-2008-1108)\n\nNote: the Itip Formatter plug-in, which allows calendar information\n(attachments with a MIME type of \"text/calendar\") to be displayed as part\nof the e-mail message, is enabled by default.\n\nA heap-based buffer overflow flaw was found in the way Evolution parsed\niCalendar attachments with an overly long \"DESCRIPTION\" property string. If\na user responded to a carefully crafted iCalendar attachment in a\nparticular way, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-1109).\n\nThe particular response required to trigger this vulnerability was as\nfollows:\n\n1. Receive the carefully crafted iCalendar attachment.\n2. Accept the associated meeting.\n3. Open the calender the meeting was in.\n4. Reply to the sender.\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\nresponsibly disclosing these issues.\n\nAll Evolution users should upgrade to these updated packages, which contain\nbackported patches which resolves these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0514",
"url": "https://access.redhat.com/errata/RHSA-2008:0514"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#important",
"url": "http://www.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "448540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448540"
},
{
"category": "external",
"summary": "448541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448541"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0514.json"
}
],
"title": "Red Hat Security Advisory: evolution security update",
"tracking": {
"current_release_date": "2025-11-21T17:33:22+00:00",
"generator": {
"date": "2025-11-21T17:33:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2008:0514",
"initial_release_date": "2008-06-04T10:46:00+00:00",
"revision_history": [
{
"date": "2008-06-04T10:46:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-06-04T06:46:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:33:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_productivity:5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"product": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"product_id": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-devel@2.12.3-8.el5_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"product": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"product_id": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-debuginfo@2.12.3-8.el5_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"product": {
"name": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"product_id": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"product": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"product_id": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-help@2.12.3-8.el5_2.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"product": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"product_id": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-devel@2.12.3-8.el5_2.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"product": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"product_id": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-debuginfo@2.12.3-8.el5_2.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "evolution-0:2.12.3-8.el5_2.2.i386",
"product": {
"name": "evolution-0:2.12.3-8.el5_2.2.i386",
"product_id": "evolution-0:2.12.3-8.el5_2.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"product": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"product_id": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-help@2.12.3-8.el5_2.2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution-0:2.12.3-8.el5_2.2.src",
"product": {
"name": "evolution-0:2.12.3-8.el5_2.2.src",
"product_id": "evolution-0:2.12.3-8.el5_2.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-0:2.12.3-8.el5_2.2.src"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.src",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Server-DPAS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alin Rad Pop"
],
"organization": "Secunia Research"
}
],
"cve": "CVE-2008-1108",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2008-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "448540"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "evolution: iCalendar buffer overflow via large timezone specification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1108"
},
{
"category": "external",
"summary": "RHBZ#448540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448540"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1108"
}
],
"release_date": "2008-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-06-04T10:46:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0514"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "evolution: iCalendar buffer overflow via large timezone specification"
},
{
"acknowledgments": [
{
"names": [
"Alin Rad Pop"
],
"organization": "Secunia Research"
}
],
"cve": "CVE-2008-1109",
"discovery_date": "2008-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "448541"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "evolution: iCalendar buffer overflow via large description parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1109"
},
{
"category": "external",
"summary": "RHBZ#448541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1109",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1109"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1109",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1109"
}
],
"release_date": "2008-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-06-04T10:46:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0514"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "evolution: iCalendar buffer overflow via large description parameter"
}
]
}
RHSA-2008_0514
Vulnerability from csaf_redhat - Published: 2008-06-04 10:46 - Updated: 2024-11-22 02:02Summary
Red Hat Security Advisory: evolution security update
Notes
Topic
Updated evolution packages that fix two buffer overflow vulnerabilities are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).
The particular response required to trigger this vulnerability was as
follows:
1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calender the meeting was in.
4. Reply to the sender.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.
All Evolution users should upgrade to these updated packages, which contain
backported patches which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated evolution packages that fix two buffer overflow vulnerabilities are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Evolution is the integrated collection of e-mail, calendaring, contact\nmanagement, communications and personal information management (PIM) tools\nfor the GNOME desktop environment.\n\nA flaw was found in the way Evolution parsed iCalendar timezone attachment\ndata. If the Itip Formatter plug-in was disabled and a user opened a mail\nwith a carefully crafted iCalendar attachment, arbitrary code could be\nexecuted as the user running Evolution. (CVE-2008-1108)\n\nNote: the Itip Formatter plug-in, which allows calendar information\n(attachments with a MIME type of \"text/calendar\") to be displayed as part\nof the e-mail message, is enabled by default.\n\nA heap-based buffer overflow flaw was found in the way Evolution parsed\niCalendar attachments with an overly long \"DESCRIPTION\" property string. If\na user responded to a carefully crafted iCalendar attachment in a\nparticular way, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-1109).\n\nThe particular response required to trigger this vulnerability was as\nfollows:\n\n1. Receive the carefully crafted iCalendar attachment.\n2. Accept the associated meeting.\n3. Open the calender the meeting was in.\n4. Reply to the sender.\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\nresponsibly disclosing these issues.\n\nAll Evolution users should upgrade to these updated packages, which contain\nbackported patches which resolves these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0514",
"url": "https://access.redhat.com/errata/RHSA-2008:0514"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#important",
"url": "http://www.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "448540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448540"
},
{
"category": "external",
"summary": "448541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448541"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0514.json"
}
],
"title": "Red Hat Security Advisory: evolution security update",
"tracking": {
"current_release_date": "2024-11-22T02:02:55+00:00",
"generator": {
"date": "2024-11-22T02:02:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2008:0514",
"initial_release_date": "2008-06-04T10:46:00+00:00",
"revision_history": [
{
"date": "2008-06-04T10:46:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-06-04T06:46:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:02:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_productivity:5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"product": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"product_id": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-devel@2.12.3-8.el5_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"product": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"product_id": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-debuginfo@2.12.3-8.el5_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"product": {
"name": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"product_id": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"product": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"product_id": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-help@2.12.3-8.el5_2.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"product": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"product_id": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-devel@2.12.3-8.el5_2.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"product": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"product_id": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-debuginfo@2.12.3-8.el5_2.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "evolution-0:2.12.3-8.el5_2.2.i386",
"product": {
"name": "evolution-0:2.12.3-8.el5_2.2.i386",
"product_id": "evolution-0:2.12.3-8.el5_2.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"product": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"product_id": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution-help@2.12.3-8.el5_2.2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution-0:2.12.3-8.el5_2.2.src",
"product": {
"name": "evolution-0:2.12.3-8.el5_2.2.src",
"product_id": "evolution-0:2.12.3-8.el5_2.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-0:2.12.3-8.el5_2.2.src"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.src",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.i386",
"relates_to_product_reference": "5Server-DPAS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
},
"product_reference": "evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"relates_to_product_reference": "5Server-DPAS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alin Rad Pop"
],
"organization": "Secunia Research"
}
],
"cve": "CVE-2008-1108",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2008-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "448540"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "evolution: iCalendar buffer overflow via large timezone specification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1108"
},
{
"category": "external",
"summary": "RHBZ#448540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448540"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1108"
}
],
"release_date": "2008-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-06-04T10:46:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0514"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "evolution: iCalendar buffer overflow via large timezone specification"
},
{
"acknowledgments": [
{
"names": [
"Alin Rad Pop"
],
"organization": "Secunia Research"
}
],
"cve": "CVE-2008-1109",
"discovery_date": "2008-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "448541"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "evolution: iCalendar buffer overflow via large description parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1109"
},
{
"category": "external",
"summary": "RHBZ#448541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1109",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1109"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1109",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1109"
}
],
"release_date": "2008-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-06-04T10:46:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0514"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src",
"5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-0:2.12.3-8.el5_2.2.src",
"5Client:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src",
"5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386",
"5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "evolution: iCalendar buffer overflow via large description parameter"
}
]
}
GSD-2008-1109
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2008-1109",
"description": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).",
"id": "GSD-2008-1109",
"references": [
"https://www.suse.com/security/cve/CVE-2008-1109.html",
"https://access.redhat.com/errata/RHSA-2008:0515",
"https://access.redhat.com/errata/RHSA-2008:0514",
"https://linux.oracle.com/cve/CVE-2008-1109.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2008-1109"
],
"details": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).",
"id": "GSD-2008-1109",
"modified": "2023-12-13T01:23:03.541702Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-1109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-5018",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html"
},
{
"name": "ADV-2008-1732",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1732/references"
},
{
"name": "30298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30298"
},
{
"name": "FEDORA-2008-5016",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html"
},
{
"name": "30564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30564"
},
{
"name": "SUSE-SA:2008:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html"
},
{
"name": "RHSA-2008:0515",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0515.html"
},
{
"name": "GLSA-200806-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200806-06.xml"
},
{
"name": "30571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30571"
},
{
"name": "FEDORA-2008-4990",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html"
},
{
"name": "evolution-icalendar-description-bo(42826)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826"
},
{
"name": "1020170",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020170"
},
{
"name": "http://secunia.com/secunia_research/2008-23/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-23/advisory/"
},
{
"name": "RHSA-2008:0514",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0514.html"
},
{
"name": "30716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30716"
},
{
"name": "30527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30527"
},
{
"name": "29527",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29527"
},
{
"name": "30702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30702"
},
{
"name": "MDVSA-2008:111",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111"
},
{
"name": "oval:org.mitre.oval:def:10337",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337"
},
{
"name": "USN-615-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-615-1"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnome:evolution:2.22.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-1109"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2008-23/advisory/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-23/advisory/"
},
{
"name": "30298",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30298"
},
{
"name": "30571",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/30571"
},
{
"name": "SUSE-SA:2008:028",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html"
},
{
"name": "30527",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/30527"
},
{
"name": "MDVSA-2008:111",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111"
},
{
"name": "GLSA-200806-06",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-200806-06.xml"
},
{
"name": "29527",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/29527"
},
{
"name": "USN-615-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-615-1"
},
{
"name": "RHSA-2008:0514",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0514.html"
},
{
"name": "30716",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/30716"
},
{
"name": "RHSA-2008:0515",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0515.html"
},
{
"name": "1020170",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1020170"
},
{
"name": "30702",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/30702"
},
{
"name": "FEDORA-2008-4990",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html"
},
{
"name": "30564",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/30564"
},
{
"name": "FEDORA-2008-5018",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html"
},
{
"name": "FEDORA-2008-5016",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html"
},
{
"name": "ADV-2008-1732",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/1732/references"
},
{
"name": "evolution-icalendar-description-bo(42826)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826"
},
{
"name": "oval:org.mitre.oval:def:10337",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-09-29T01:30Z",
"publishedDate": "2008-06-04T20:32Z"
}
}
}
FKIE_CVE-2008-1109
Vulnerability from fkie_nvd - Published: 2008-06-04 20:32 - Updated: 2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
References
| URL | Tags | ||
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/30298 | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/30527 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/30564 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/30571 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/30702 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/30716 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/secunia_research/2008-23/advisory/ | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://security.gentoo.org/glsa/glsa-200806-06.xml | ||
| PSIRT-CNA@flexerasoftware.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:111 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.redhat.com/support/errata/RHSA-2008-0514.html | ||
| PSIRT-CNA@flexerasoftware.com | http://www.redhat.com/support/errata/RHSA-2008-0515.html | ||
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/29527 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.securitytracker.com/id?1020170 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.ubuntu.com/usn/usn-615-1 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.vupen.com/english/advisories/2008/1732/references | ||
| PSIRT-CNA@flexerasoftware.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/42826 | ||
| PSIRT-CNA@flexerasoftware.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337 | ||
| PSIRT-CNA@flexerasoftware.com | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html | ||
| PSIRT-CNA@flexerasoftware.com | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html | ||
| PSIRT-CNA@flexerasoftware.com | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30298 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30527 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30564 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30571 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30702 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30716 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2008-23/advisory/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200806-06.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:111 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0514.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0515.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29527 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020170 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-615-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1732/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/42826 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:evolution:2.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFFCC802-9313-4B56-97A8-9A18F04799DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window)."
},
{
"lang": "es",
"value": "Desbordamiento de B\u00fafer basado en mont\u00edculo en Evolution 2.22.1 permite a atacantes remotos asistidos por el usuario, ejecutar c\u00f3digo arbitrariamente mediante una propiedad DESCRIPTION larga en un adjunto iCalendar, que no es gestionado correctamente durante una respuesta en la vista de calendario (tambi\u00e9n conocida como ventana de Calendarios)."
}
],
"id": "CVE-2008-1109",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-06-04T20:32:00.000",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30298"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/30527"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/30564"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/30571"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/30702"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/30716"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-23/advisory/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://security.gentoo.org/glsa/glsa-200806-06.xml"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0514.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0515.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/29527"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1020170"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.ubuntu.com/usn/usn-615-1"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2008/1732/references"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-23/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200806-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0514.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0515.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-615-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1732/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-8H38-8V6V-579F
Vulnerability from github – Published: 2022-05-01 23:36 – Updated: 2025-04-09 03:55
VLAI?
Details
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
{
"affected": [],
"aliases": [
"CVE-2008-1109"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-06-04T20:32:00Z",
"severity": "HIGH"
},
"details": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).",
"id": "GHSA-8h38-8v6v-579f",
"modified": "2025-04-09T03:55:12Z",
"published": "2022-05-01T23:36:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1109"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30298"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30527"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30564"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30571"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30702"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30716"
},
{
"type": "WEB",
"url": "http://secunia.com/secunia_research/2008-23/advisory"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200806-06.xml"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0514.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0515.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/29527"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1020170"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-615-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1732/references"
}
],
"schema_version": "1.4.0",
"severity": []
}
OPENSUSE-SU-2024:10743-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
evolution-3.40.4-1.4 on GA media
Notes
Title of the patch
evolution-3.40.4-1.4 on GA media
Description of the patch
These are all security issues fixed in the evolution-3.40.4-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10743
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "evolution-3.40.4-1.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the evolution-3.40.4-1.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10743",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10743-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1108 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1109 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15587 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15587/"
}
],
"title": "evolution-3.40.4-1.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10743-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "evolution-3.40.4-1.4.aarch64",
"product": {
"name": "evolution-3.40.4-1.4.aarch64",
"product_id": "evolution-3.40.4-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "evolution-devel-3.40.4-1.4.aarch64",
"product": {
"name": "evolution-devel-3.40.4-1.4.aarch64",
"product_id": "evolution-devel-3.40.4-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "evolution-lang-3.40.4-1.4.aarch64",
"product": {
"name": "evolution-lang-3.40.4-1.4.aarch64",
"product_id": "evolution-lang-3.40.4-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "evolution-plugin-bogofilter-3.40.4-1.4.aarch64",
"product": {
"name": "evolution-plugin-bogofilter-3.40.4-1.4.aarch64",
"product_id": "evolution-plugin-bogofilter-3.40.4-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "evolution-plugin-pst-import-3.40.4-1.4.aarch64",
"product": {
"name": "evolution-plugin-pst-import-3.40.4-1.4.aarch64",
"product_id": "evolution-plugin-pst-import-3.40.4-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "evolution-plugin-spamassassin-3.40.4-1.4.aarch64",
"product": {
"name": "evolution-plugin-spamassassin-3.40.4-1.4.aarch64",
"product_id": "evolution-plugin-spamassassin-3.40.4-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "evolution-plugin-text-highlight-3.40.4-1.4.aarch64",
"product": {
"name": "evolution-plugin-text-highlight-3.40.4-1.4.aarch64",
"product_id": "evolution-plugin-text-highlight-3.40.4-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "glade-catalog-evolution-3.40.4-1.4.aarch64",
"product": {
"name": "glade-catalog-evolution-3.40.4-1.4.aarch64",
"product_id": "glade-catalog-evolution-3.40.4-1.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution-3.40.4-1.4.ppc64le",
"product": {
"name": "evolution-3.40.4-1.4.ppc64le",
"product_id": "evolution-3.40.4-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "evolution-devel-3.40.4-1.4.ppc64le",
"product": {
"name": "evolution-devel-3.40.4-1.4.ppc64le",
"product_id": "evolution-devel-3.40.4-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "evolution-lang-3.40.4-1.4.ppc64le",
"product": {
"name": "evolution-lang-3.40.4-1.4.ppc64le",
"product_id": "evolution-lang-3.40.4-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "evolution-plugin-bogofilter-3.40.4-1.4.ppc64le",
"product": {
"name": "evolution-plugin-bogofilter-3.40.4-1.4.ppc64le",
"product_id": "evolution-plugin-bogofilter-3.40.4-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "evolution-plugin-pst-import-3.40.4-1.4.ppc64le",
"product": {
"name": "evolution-plugin-pst-import-3.40.4-1.4.ppc64le",
"product_id": "evolution-plugin-pst-import-3.40.4-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "evolution-plugin-spamassassin-3.40.4-1.4.ppc64le",
"product": {
"name": "evolution-plugin-spamassassin-3.40.4-1.4.ppc64le",
"product_id": "evolution-plugin-spamassassin-3.40.4-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "evolution-plugin-text-highlight-3.40.4-1.4.ppc64le",
"product": {
"name": "evolution-plugin-text-highlight-3.40.4-1.4.ppc64le",
"product_id": "evolution-plugin-text-highlight-3.40.4-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "glade-catalog-evolution-3.40.4-1.4.ppc64le",
"product": {
"name": "glade-catalog-evolution-3.40.4-1.4.ppc64le",
"product_id": "glade-catalog-evolution-3.40.4-1.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution-3.40.4-1.4.s390x",
"product": {
"name": "evolution-3.40.4-1.4.s390x",
"product_id": "evolution-3.40.4-1.4.s390x"
}
},
{
"category": "product_version",
"name": "evolution-devel-3.40.4-1.4.s390x",
"product": {
"name": "evolution-devel-3.40.4-1.4.s390x",
"product_id": "evolution-devel-3.40.4-1.4.s390x"
}
},
{
"category": "product_version",
"name": "evolution-lang-3.40.4-1.4.s390x",
"product": {
"name": "evolution-lang-3.40.4-1.4.s390x",
"product_id": "evolution-lang-3.40.4-1.4.s390x"
}
},
{
"category": "product_version",
"name": "evolution-plugin-bogofilter-3.40.4-1.4.s390x",
"product": {
"name": "evolution-plugin-bogofilter-3.40.4-1.4.s390x",
"product_id": "evolution-plugin-bogofilter-3.40.4-1.4.s390x"
}
},
{
"category": "product_version",
"name": "evolution-plugin-pst-import-3.40.4-1.4.s390x",
"product": {
"name": "evolution-plugin-pst-import-3.40.4-1.4.s390x",
"product_id": "evolution-plugin-pst-import-3.40.4-1.4.s390x"
}
},
{
"category": "product_version",
"name": "evolution-plugin-spamassassin-3.40.4-1.4.s390x",
"product": {
"name": "evolution-plugin-spamassassin-3.40.4-1.4.s390x",
"product_id": "evolution-plugin-spamassassin-3.40.4-1.4.s390x"
}
},
{
"category": "product_version",
"name": "evolution-plugin-text-highlight-3.40.4-1.4.s390x",
"product": {
"name": "evolution-plugin-text-highlight-3.40.4-1.4.s390x",
"product_id": "evolution-plugin-text-highlight-3.40.4-1.4.s390x"
}
},
{
"category": "product_version",
"name": "glade-catalog-evolution-3.40.4-1.4.s390x",
"product": {
"name": "glade-catalog-evolution-3.40.4-1.4.s390x",
"product_id": "glade-catalog-evolution-3.40.4-1.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "evolution-3.40.4-1.4.x86_64",
"product": {
"name": "evolution-3.40.4-1.4.x86_64",
"product_id": "evolution-3.40.4-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "evolution-devel-3.40.4-1.4.x86_64",
"product": {
"name": "evolution-devel-3.40.4-1.4.x86_64",
"product_id": "evolution-devel-3.40.4-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "evolution-lang-3.40.4-1.4.x86_64",
"product": {
"name": "evolution-lang-3.40.4-1.4.x86_64",
"product_id": "evolution-lang-3.40.4-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "evolution-plugin-bogofilter-3.40.4-1.4.x86_64",
"product": {
"name": "evolution-plugin-bogofilter-3.40.4-1.4.x86_64",
"product_id": "evolution-plugin-bogofilter-3.40.4-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "evolution-plugin-pst-import-3.40.4-1.4.x86_64",
"product": {
"name": "evolution-plugin-pst-import-3.40.4-1.4.x86_64",
"product_id": "evolution-plugin-pst-import-3.40.4-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "evolution-plugin-spamassassin-3.40.4-1.4.x86_64",
"product": {
"name": "evolution-plugin-spamassassin-3.40.4-1.4.x86_64",
"product_id": "evolution-plugin-spamassassin-3.40.4-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "evolution-plugin-text-highlight-3.40.4-1.4.x86_64",
"product": {
"name": "evolution-plugin-text-highlight-3.40.4-1.4.x86_64",
"product_id": "evolution-plugin-text-highlight-3.40.4-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "glade-catalog-evolution-3.40.4-1.4.x86_64",
"product": {
"name": "glade-catalog-evolution-3.40.4-1.4.x86_64",
"product_id": "glade-catalog-evolution-3.40.4-1.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64"
},
"product_reference": "evolution-3.40.4-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le"
},
"product_reference": "evolution-3.40.4-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-3.40.4-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x"
},
"product_reference": "evolution-3.40.4-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64"
},
"product_reference": "evolution-3.40.4-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64"
},
"product_reference": "evolution-devel-3.40.4-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le"
},
"product_reference": "evolution-devel-3.40.4-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-3.40.4-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x"
},
"product_reference": "evolution-devel-3.40.4-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-devel-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64"
},
"product_reference": "evolution-devel-3.40.4-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-lang-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64"
},
"product_reference": "evolution-lang-3.40.4-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-lang-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le"
},
"product_reference": "evolution-lang-3.40.4-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-lang-3.40.4-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x"
},
"product_reference": "evolution-lang-3.40.4-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-lang-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64"
},
"product_reference": "evolution-lang-3.40.4-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-bogofilter-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64"
},
"product_reference": "evolution-plugin-bogofilter-3.40.4-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-bogofilter-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le"
},
"product_reference": "evolution-plugin-bogofilter-3.40.4-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-bogofilter-3.40.4-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x"
},
"product_reference": "evolution-plugin-bogofilter-3.40.4-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-bogofilter-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64"
},
"product_reference": "evolution-plugin-bogofilter-3.40.4-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-pst-import-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64"
},
"product_reference": "evolution-plugin-pst-import-3.40.4-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-pst-import-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le"
},
"product_reference": "evolution-plugin-pst-import-3.40.4-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-pst-import-3.40.4-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x"
},
"product_reference": "evolution-plugin-pst-import-3.40.4-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-pst-import-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64"
},
"product_reference": "evolution-plugin-pst-import-3.40.4-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-spamassassin-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64"
},
"product_reference": "evolution-plugin-spamassassin-3.40.4-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-spamassassin-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le"
},
"product_reference": "evolution-plugin-spamassassin-3.40.4-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-spamassassin-3.40.4-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x"
},
"product_reference": "evolution-plugin-spamassassin-3.40.4-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-spamassassin-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64"
},
"product_reference": "evolution-plugin-spamassassin-3.40.4-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-text-highlight-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64"
},
"product_reference": "evolution-plugin-text-highlight-3.40.4-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-text-highlight-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le"
},
"product_reference": "evolution-plugin-text-highlight-3.40.4-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-text-highlight-3.40.4-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x"
},
"product_reference": "evolution-plugin-text-highlight-3.40.4-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "evolution-plugin-text-highlight-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64"
},
"product_reference": "evolution-plugin-text-highlight-3.40.4-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glade-catalog-evolution-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64"
},
"product_reference": "glade-catalog-evolution-3.40.4-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glade-catalog-evolution-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le"
},
"product_reference": "glade-catalog-evolution-3.40.4-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glade-catalog-evolution-3.40.4-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x"
},
"product_reference": "glade-catalog-evolution-3.40.4-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glade-catalog-evolution-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64"
},
"product_reference": "glade-catalog-evolution-3.40.4-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1108"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1108",
"url": "https://www.suse.com/security/cve/CVE-2008-1108"
},
{
"category": "external",
"summary": "SUSE Bug 394641 for CVE-2008-1108",
"url": "https://bugzilla.suse.com/394641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-1108"
},
{
"cve": "CVE-2008-1109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1109"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1109",
"url": "https://www.suse.com/security/cve/CVE-2008-1109"
},
{
"category": "external",
"summary": "SUSE Bug 394641 for CVE-2008-1109",
"url": "https://bugzilla.suse.com/394641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-1109"
},
{
"cve": "CVE-2018-15587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15587"
}
],
"notes": [
{
"category": "general",
"text": "GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15587",
"url": "https://www.suse.com/security/cve/CVE-2018-15587"
},
{
"category": "external",
"summary": "SUSE Bug 1125230 for CVE-2018-15587",
"url": "https://bugzilla.suse.com/1125230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x",
"openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-15587"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…