After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 641069 - downstream bnc #658194 tnef plugin directory traversal and buffer overflow vulnerabilities
downstream bnc #658194 tnef plugin directory traversal and buffer overflow vu...
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Plugins
3.0.x (obsolete)
Other Linux
: Normal normal
: ---
Assigned To: evolution-plugin-maintainers
Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2011-01-31 19:45 UTC by Punit Jain
Modified: 2013-09-13 01:09 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Evolution Patch (7.19 KB, patch)
2011-01-31 19:45 UTC, Punit Jain 		accepted-commit_now Details | Review

Description Punit Jain 2011-01-31 19:45:05 UTC 
Created attachment 179741 [details] [review]
Evolution Patch

This patch solves the directory traversal and directory traversal vulnerabilities found in tnef plugins.
Comment 1 Punit Jain 2011-01-31 19:49:20 UTC 
Though i couldn't test it well but it should solve the issue.
Comment 2 Matthew Barnes 2011-01-31 22:29:10 UTC 
Go ahead and commit.

That plugin (and tnef itself) is so badly written that I imagine it's rife with security issues.  I don't see us moving it out of the "experimental" group anytime soon.