author | Matthew Barnes <mbarnes@redhat.com> | 2008-06-04 18:46:38 +0800 |
---|---|---|
committer | Matthew Barnes <mbarnes@src.gnome.org> | 2008-06-04 18:46:38 +0800 |
commit | eee236262005c4486e246dc77b9609ddc0fdfe09 (patch) | |
tree | 1a4df35ec414a23160b66d3968d106462e68727f /mail | |
parent | c1b28e2e05ac1790af041a6cb3cfdc4011baa002 (diff) | |

** Fixes security vulnerabilities CVE-2008-1108 and CVE-2008-1109

2008-06-04 Matthew Barnes <mbarnes@redhat.com>

** Fixes security vulnerabilities
CVE-2008-1108 and CVE-2008-1109

* calendar/gui/itip-utils.c (html_new_lines_for):
Do not use a fixed-size buffer for parsing external data.
Simplify the logic to just split and rejoin the string with a
different line separator.

* calendar/gui/e-itip-control.c (write_label_piece),
(write_recurrence_piece), (set_date_label):
Use a GString rather than a fixed-size buffer to build the HTML
string to avoid the possibility of an overflow.

svn path=/trunk/; revision=35594

Diffstat (limited to 'mail')
0 files changed, 0 insertions, 0 deletions
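
The approach the commit message describes for `html_new_lines_for`, splitting on newlines and rejoining with a different separator into storage sized from the input, shown in plain C as an added example. This is not Evolution's code or this commit's diff; `rejoin_lines` and the sample input are hypothetical, and libc allocation stands in for GLib.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Evolution's code): return a newly allocated copy
 * of `text` with every '\n' replaced by `sep`. The output size is derived
 * from the input, so untrusted text of any length cannot overrun it. */
char *rejoin_lines(const char *text, const char *sep)
{
    size_t sep_len = strlen(sep), text_len = strlen(text), newlines = 0;

    for (const char *p = text; *p; p++)
        if (*p == '\n')
            newlines++;

    /* Refuse sizes that would wrap size_t before allocating. */
    if (sep_len != 0 && newlines > (SIZE_MAX - text_len - 1) / sep_len)
        return NULL;
    char *out = malloc(text_len - newlines + newlines * sep_len + 1);
    if (out == NULL)
        return NULL;

    char *dst = out;
    const char *line = text, *nl;
    while ((nl = strchr(line, '\n')) != NULL) {
        size_t n = (size_t)(nl - line);
        memcpy(dst, line, n);          /* copy one line */
        dst += n;
        memcpy(dst, sep, sep_len);     /* then the replacement separator */
        dst += sep_len;
        line = nl + 1;
    }
    strcpy(dst, line);                 /* trailing piece plus terminator */
    return out;
}

int main(void)
{
    /* Constructed input: far longer than a small stack buffer would hold. */
    char desc[4096];
    memset(desc, 'A', sizeof desc - 1);
    desc[sizeof desc - 1] = '\0';
    desc[100] = desc[2000] = '\n';
    char *html = rejoin_lines(desc, "<br>");
    if (html == NULL)
        return 1;
    printf("%zu bytes in, %zu bytes out\n", strlen(desc), strlen(html));
    free(html);
    return 0;
}
```

The caller owns the returned string and releases it with `free`; a `NULL` return means the size computation or the allocation failed.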