Synopsis: Important: evolution-data-server security update Issue date: 2007-06-25 CVE Names: CVE-2007-3257 A flaw was found in the way evolution-data-server processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running the evolution-data-server process. (CVE-2007-3257) Evolution crushed in first-time wizard stage for timezones: Europe/Moscow, Europe/Volgograd, Asia/Irkutsk, Asia/Makassar, Asia/Ujung_Pandang, Asia/Ulaanbaatar, Asia/Ulan_Bator. This bug is a consequence of removing TZNAME tag from timezone ICS VCARDs. SL 5.x SRPMS: evolution-data-server-1.8.0-15.0.4.1.sl5.src.rpm i386: evolution-data-server-1.8.0-15.0.4.1.sl5.i386.rpm evolution-data-server-devel-1.8.0-15.0.4.1.sl5.i386.rpm x86_64: evolution-data-server-1.8.0-15.0.4.1.sl5.i386.rpm evolution-data-server-1.8.0-15.0.4.1.sl5.x86_64.rpm evolution-data-server-devel-1.8.0-15.0.4.1.sl5.i386.rpm evolution-data-server-devel-1.8.0-15.0.4.1.sl5.x86_64.rpm -Connie Sieh -Troy Dawson