Gentoo Linux Security Advisory GLSA 200806-06 - Multiple vulnerabilities in Evolution may allow for user-assisted execution of arbitrary code. Versions less than 2.12.3-r2 are affected.
135bb9ab1de2bc1017950f49502b4412aa54667992de860daf652fbb6c710f11
Mandriva Linux Security Advisory - Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the Itip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges. Evolution also did not properly validate the DESCRIPTION field when processing iCalendar attachments. If a user were tricked into accepting a crafted iCalendar attachment and replied to it from the calendar window, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges. In addition, Matej Cepl found that Evolution did not properly validate date fields when processing iCalendar attachments, which could lead to a denial of service if the user viewed a crafted iCalendar attachment with the Itip Formatter plugin disabled.
c8887f2382bbf2f38ca613a39ff385f4667c6d738032adf9747301ae840ae724
Ubuntu Security Notice 615-1 - Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or possibly execute code with user privileges. Note that the ITip Formatter plugin is enabled by default in Ubuntu. Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate the DESCRIPTION field when processing iCalendar attachments. If a user were tricked into accepting a crafted iCalendar attachment and replied to it from the calendar window, an attacker code cause a denial of service or execute code with user privileges. Matej Cepl discovered that Evolution did not properly validate date fields when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service. Note that the ITip Formatter plugin is enabled by default in Ubuntu.
193a2293c57e306c6e96a9d6f95e6c78b667727a51dc2eba5e75442bdf6761aa