evolution-3.40.4-1.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10743 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z evolution-3.40.4-1.4 on GA media These are all security issues fixed in the evolution-3.40.4-1.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10743 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10743 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2008-1108/ SUSE CVE CVE-2008-1108 page https://www.suse.com/security/cve/CVE-2008-1109/ SUSE CVE CVE-2008-1109 page https://www.suse.com/security/cve/CVE-2018-15587/ SUSE CVE CVE-2018-15587 page openSUSE Tumbleweed evolution-3.40.4-1.4 evolution-devel-3.40.4-1.4 evolution-lang-3.40.4-1.4 evolution-plugin-bogofilter-3.40.4-1.4 evolution-plugin-pst-import-3.40.4-1.4 evolution-plugin-spamassassin-3.40.4-1.4 evolution-plugin-text-highlight-3.40.4-1.4 glade-catalog-evolution-3.40.4-1.4 evolution-3.40.4-1.4 as a component of openSUSE Tumbleweed evolution-devel-3.40.4-1.4 as a component of openSUSE Tumbleweed evolution-lang-3.40.4-1.4 as a component of openSUSE Tumbleweed evolution-plugin-bogofilter-3.40.4-1.4 as a component of openSUSE Tumbleweed evolution-plugin-pst-import-3.40.4-1.4 as a component of openSUSE Tumbleweed evolution-plugin-spamassassin-3.40.4-1.4 as a component of openSUSE Tumbleweed evolution-plugin-text-highlight-3.40.4-1.4 as a component of openSUSE Tumbleweed glade-catalog-evolution-3.40.4-1.4 as a component of openSUSE Tumbleweed Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. CVE-2008-1108 openSUSE Tumbleweed:evolution-3.40.4-1.4 openSUSE Tumbleweed:evolution-devel-3.40.4-1.4 openSUSE Tumbleweed:evolution-lang-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4 openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1108.html CVE-2008-1108 https://bugzilla.suse.com/394641 SUSE Bug 394641 Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window). CVE-2008-1109 openSUSE Tumbleweed:evolution-3.40.4-1.4 openSUSE Tumbleweed:evolution-devel-3.40.4-1.4 openSUSE Tumbleweed:evolution-lang-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4 openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1109.html CVE-2008-1109 https://bugzilla.suse.com/394641 SUSE Bug 394641 GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. CVE-2018-15587 openSUSE Tumbleweed:evolution-3.40.4-1.4 openSUSE Tumbleweed:evolution-devel-3.40.4-1.4 openSUSE Tumbleweed:evolution-lang-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4 openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4 openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-15587.html CVE-2018-15587 https://bugzilla.suse.com/1125230 SUSE Bug 1125230