diff options
author | Matthew Barnes <mbarnes@redhat.com> | 2008-06-04 18:46:38 +0800 |
---|---|---|
committer | Matthew Barnes <mbarnes@src.gnome.org> | 2008-06-04 18:46:38 +0800 |
commit | eee236262005c4486e246dc77b9609ddc0fdfe09 (patch) | |
tree | 1a4df35ec414a23160b66d3968d106462e68727f /calendar/ChangeLog | |
parent | c1b28e2e05ac1790af041a6cb3cfdc4011baa002 (diff) | |
download | gsoc2013-evolution-eee236262005c4486e246dc77b9609ddc0fdfe09.tar gsoc2013-evolution-eee236262005c4486e246dc77b9609ddc0fdfe09.tar.gz gsoc2013-evolution-eee236262005c4486e246dc77b9609ddc0fdfe09.tar.bz2 gsoc2013-evolution-eee236262005c4486e246dc77b9609ddc0fdfe09.tar.lz gsoc2013-evolution-eee236262005c4486e246dc77b9609ddc0fdfe09.tar.xz gsoc2013-evolution-eee236262005c4486e246dc77b9609ddc0fdfe09.tar.zst gsoc2013-evolution-eee236262005c4486e246dc77b9609ddc0fdfe09.zip |
** Fixes security vulnerabilities CVE-2008-1108 and CVE-2008-1109
2008-06-04 Matthew Barnes <mbarnes@redhat.com>
** Fixes security vulnerabilities
CVE-2008-1108 and CVE-2008-1109
* calendar/gui/itip-utils.c (html_new_lines_for):
Do not use a fixed-size buffer for parsing external data.
Simplify the logic to just split and rejoin the string with a
different line separator.
* calendar/gui/e-itip-control.c (write_label_piece),
(write_recurrence_piece), (set_date_label):
Use a GString rather than a fixed-size buffer to build the HTML
string to avoid the possibility of an overflow.
svn path=/trunk/; revision=35594
Diffstat (limited to 'calendar/ChangeLog')
-rw-r--r-- | calendar/ChangeLog | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/calendar/ChangeLog b/calendar/ChangeLog index b767e3bf9a..6fd1593859 100644 --- a/calendar/ChangeLog +++ b/calendar/ChangeLog @@ -1,3 +1,18 @@ +2008-06-04 Matthew Barnes <mbarnes@redhat.com> + + ** Fixes security vulnerabilities + CVE-2008-1108 and CVE-2008-1109 + + * gui/itip-utils.c (html_new_lines_for): + Do not use a fixed-size buffer for parsing external data. + Simplify the logic to just split and rejoin the string with a + different line separator. + + * gui/e-itip-control.c (write_label_piece), (write_recurrence_piece), + (set_date_label): + Use a GString rather than a fixed-size buffer to build the HTML + string to avoid the possibility of an overflow. + 2008-06-04 Shuai Liu <shuai.liu@sun.com> ** Fix for bug #535204 |