rpms/evolution/devel evolution-2.21.92-CVE-2008-0072.patch, NONE, 1.1 evolution.spec, 1.324, 1.325
Matthew Barnes (mbarnes)
fedora-extras-commits at redhat.com
Wed Mar 5 15:10:34 UTC 2008
Author: mbarnes
Update of /cvs/pkgs/rpms/evolution/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6560
Modified Files:
evolution.spec
Added Files:
evolution-2.21.92-CVE-2008-0072.patch
Log Message:
* Tue Mar 04 2008 Matthew Barnes <mbarnes at redhat.com> - 2.21.92-2.fc9
- Add patch for CVE-2008-0072 (format string vulnerability).
evolution-2.21.92-CVE-2008-0072.patch:
--- NEW FILE evolution-2.21.92-CVE-2008-0072.patch ---
diff -up evolution-2.21.92/mail/em-format.c.CVE-2008-0072 evolution-2.21.92/mail/em-format.c
--- evolution-2.21.92/mail/em-format.c.CVE-2008-0072 2008-01-27 22:59:48.000000000 -0500
+++ evolution-2.21.92/mail/em-format.c 2008-03-04 15:40:29.000000000 -0500
@@ -1193,7 +1193,7 @@ emf_application_xpkcs7mime(EMFormat *emf
opart = camel_mime_part_new();
valid = camel_cipher_decrypt(context, part, opart, ex);
if (valid == NULL) {
- em_format_format_error(emf, stream, ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error"));
+ em_format_format_error(emf, stream, "%s", ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error"));
em_format_part_as(emf, stream, part, NULL);
} else {
if (emfc == NULL)
@@ -1350,7 +1350,7 @@ emf_multipart_encrypted(EMFormat *emf, C
if (valid == NULL) {
em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP/MIME message"):_("Could not parse PGP/MIME message: Unknown error"));
if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
em_format_part_as(emf, stream, part, "multipart/mixed");
} else {
if (emfc == NULL)
@@ -1515,7 +1515,7 @@ emf_multipart_signed(EMFormat *emf, Came
if (valid == NULL) {
em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
em_format_part_as(emf, stream, part, "multipart/mixed");
} else {
if (emfc == NULL)
@@ -1586,7 +1586,7 @@ emf_inlinepgp_signed(EMFormat *emf, Came
if (!valid) {
em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
em_format_format_source(emf, stream, ipart);
/* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
camel_exception_free(ex);
@@ -1658,7 +1658,7 @@ emf_inlinepgp_encrypted(EMFormat *emf, C
if (!valid) {
em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP message"):_("Could not parse PGP message: Unknown error"));
if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
em_format_format_source(emf, stream, ipart);
/* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
camel_exception_free(ex);
Index: evolution.spec
===================================================================
RCS file: /cvs/pkgs/rpms/evolution/devel/evolution.spec,v
retrieving revision 1.324
retrieving revision 1.325
diff -u -r1.324 -r1.325
--- evolution.spec 25 Feb 2008 19:43:55 -0000 1.324
+++ evolution.spec 5 Mar 2008 15:09:45 -0000 1.325
@@ -46,7 +46,7 @@
Name: evolution
Version: 2.21.92
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2 and GFDL+
Group: Applications/Productivity
Summary: GNOME's next-generation groupware suite
@@ -81,6 +81,9 @@
# RH bug #176400
Patch15: evolution-2.9.1-im-context-reset.patch
+# CVE-2008-0072
+Patch16: evolution-2.21.92-CVE-2008-0072.patch
+
## Dependencies ###
Requires(post): GConf2
@@ -223,6 +226,7 @@
%patch13 -p1 -b .fix-conduit-dir
%patch14 -p1 -b .no-gnome-common
%patch15 -p1 -b .im-context-reset
+%patch16 -p1 -b .CVE-2008-0072
mkdir -p krb5-fakeprefix/include
mkdir -p krb5-fakeprefix/lib
@@ -650,6 +654,9 @@
%{evo_plugin_dir}/liborg-gnome-sa-junk-plugin.so
%changelog
+* Tue Mar 04 2008 Matthew Barnes <mbarnes at redhat.com> - 2.21.92-2.fc9
+- Add patch for CVE-2008-0072 (format string vulnerability).
+
* Mon Feb 25 2008 Matthew Barnes <mbarnes at redhat.com> - 2.21.92-1.fc9
- Update to 2.21.92
- Bump eds_version to 2.21.92.
More information about the fedora-extras-commits
mailing list