diff options
Diffstat (limited to 'calendar/ChangeLog')
| -rw-r--r-- | calendar/ChangeLog | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/calendar/ChangeLog b/calendar/ChangeLog index b767e3bf9a..6fd1593859 100644 --- a/calendar/ChangeLog +++ b/calendar/ChangeLog @@ -1,3 +1,18 @@ +2008-06-04 Matthew Barnes <mbarnes@redhat.com> + + ** Fixes security vulnerabilities + CVE-2008-1108 and CVE-2008-1109 + + * gui/itip-utils.c (html_new_lines_for): + Do not use a fixed-size buffer for parsing external data. + Simplify the logic to just split and rejoin the string with a + different line separator. + + * gui/e-itip-control.c (write_label_piece), (write_recurrence_piece), + (set_date_label): + Use a GString rather than a fixed-size buffer to build the HTML + string to avoid the possibility of an overflow. + 2008-06-04 Shuai Liu <shuai.liu@sun.com> ** Fix for bug #535204 |