[VIM] Possible combined Evolution issue(s)

Steven M. Christey coley at mitre.org
Tue Sep 20 19:29:36 EDT 2005


I haven't done extensive research on this, but it appears that some
VDB's have combined multiple Evolution issues into a single record.

CAN-2005-0806 is for a bug report that originated from:

  http://bugzilla.ximian.com/show_bug.cgi?id=72609

and covered in several vendor advisories.

This is reported for 2.0.3.  The bug report is scarce on exploit
details.  The original report was early February 2005.

This appears to have been combined with a full-disclosure post in late
Feb 2005:

  Novell/Ximian Evolution multiple text attachments DoS
  http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0591.html

The discloser appears to be different from the original bug report
associated with CAN-2005-0806, and this Full-Disclosure issue appears
to involve a large number of attachments, whereas the CAN-2005-0806
seems to involve a single odd article.

- Steve


More information about the VIM mailing list