137209 – Evolution Crashes after receiving an email with a vcard for 2006 date

Bug 137209 - Evolution Crashes after receiving an email with a vcard for 2006 date

Summary: Evolution Crashes after receiving an email with a vcard for 2006 date

Status:	RESOLVED FIXED

Alias:	None

Product:	SUSE LINUX 10.0
Classification:	openSUSE
Component:	GNOME (show other bugs)
Version:	unspecified
Hardware:	x86 Other

Priority:	P5 - None Severity: Critical
Target Milestone:	---
Assignee:	Stanislav Brabec
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-12-06 18:19 UTC by Alex Weeks
Modified:	2005-12-20 12:44 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
The patches fixes the crash (1.86 KB, patch) 2005-12-08 15:20 UTC, Forgotten User ex4EZfzxBL	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Weeks 2005-12-06 18:19:12 UTC

This is a known bug:  http://bugzilla.gnome.org/show_bug.cgi?id=315345
or

http://bugzilla.gnome.org/show_bug.cgi?id=322861

This has been resolved with Evolution 2.4.1  

This bug makes it near impossible to use Evolution for anything critical. Please release an updated RPM.

Comment 2 Marcus Meissner 2005-12-07 10:23:15 UTC

is this security relevant?

can a remote user cause this (by attaching vcard attachment for instance)?

does it just crash, or can the attacker execute code? 

can someone perhaps attach the patch?

Comment 3 Andreas Jaeger 2005-12-07 11:02:42 UTC

Please attach a patch for just this problem.

Comment 4 Forgotten User ex4EZfzxBL 2005-12-08 15:20:03 UTC

Created attachment 60118 [details]
The patches fixes the crash

Comment 5 Andreas Jaeger 2005-12-09 08:42:58 UTC

YOU update approve with just adding the patch from comment 4, swamp-ID is: Maintenance-Tracker-3189

Comment 6 JP Rosevear 2005-12-09 13:10:05 UTC

Re-assigning to gary to do the update.

Comment 7 Stanislav Brabec 2005-12-09 15:27:24 UTC

Packages for testing are in:
ftp://ftp.suse.com/pub/people/sbrabec/testing/137209/

Submitted for 10.0:

Patchinfo submitted to:
/work/src/done/PATCHINFO/evolution.patch.box

Patchinfo is world-writable. Please translate to German. It is "recommended". Security team can re-classify it as "security", if they think so.

Comment 8 Alex Weeks 2005-12-19 15:36:13 UTC

When will these updated rpm's be released?  Also, why are the version #'s lower than the current ones?

This is causing me a major production issue.  I am receiving 2 - 4 vcard attachments a day for 2006.

When I "rpm -Uvh --test" teh packages all it complains about is that I have a "newer version" already installed.

Current rpm's released:
evolution-exchange-2.4.0-5
evolution-webcal-2.4.0.1-3
evolution-2.4.0-3.2
evolution-data-server-1.4.0-5.2
evolution-pilot-2.4.0-3.2

Patch versions:
evolution-2.4.0-3.1.i586.rpm
evolution-2.4.0-3.1.src.rpm
evolution-devel-2.4.0-3.1.i586.rpm
evolution-pilot-2.4.0-3.1.i586.rpm

Comment 9 Marcus Meissner 2005-12-19 17:05:11 UTC

we are preparing updates. likely going out tomorrow.

Comment 10 Marcus Meissner 2005-12-20 12:44:45 UTC

i just approved the updated packages.