| Description: | Summary:
The remote host is missing an update for the Debian 'evolution' package(s) announced via the DSA-1325-1 advisory.
Vulnerability Insight:
Several remote vulnerabilities have been discovered in Evolution, a groupware suite with mail client and organizer. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-1002
Ulf Harnhammar discovered that a format string vulnerability in the handling of shared calendars may allow the execution of arbitrary code.
CVE-2007-3257
It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code.
For the oldstable distribution (sarge) these problems have been fixed in version 2.0.4-2sarge2. Packages for hppa, mips and powerpc are not yet available. They will be provided later.
For the stable distribution (etch) these problems have been fixed in version 2.6.3-6etch1. Packages for mips are not yet available. They will be provided later.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your evolution packages.
Affected Software/OS:
'evolution' package(s) on Debian 3.1, Debian 4.
Solution:
Please install the updated package(s).
CVSS Score:
6.8
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
