This does not appear to be a serious security bug because it requires the user to insert a malicious HTML file into the mail composer. Based on the patch and (limited) blackbox testing, this does not appear to be remotely exploitable (e.g. via a crafted HTML email). The patch fixes reparent_embedded() in gtkhtml.c. This function is called by gtk_html_insert_html_generic(), which is in turn called by gtk_html_insert_html(), gtk_html_insert_gtk_html() and gtk_html_append_html(). These functions are only called via clipboard_paste_received_cb() and code from components/html-editor/engine.c.
I am going to set the priority to Low, as it appears to be just a crasher and requires user assistance.

** Changed in: gtkhtml3.14 (Ubuntu Hardy)
   Importance: Undecided => Low
   Status: New => Triaged

** Changed in: gtkhtml3.14 (Ubuntu Gutsy)
   Importance: Undecided => Low
   Status: New => Triaged

** Changed in: gtkhtml3.14 (Ubuntu Feisty)
   Importance: Undecided => Low
   Status: New => Triaged

** Changed in: gtkhtml3.14 (Ubuntu Dapper)
   Importance: Undecided => Low
   Status: New => Triaged

** Changed in: evolution (Ubuntu Dapper)
   Status: New => Invalid

** Changed in: evolution (Ubuntu Feisty)
   Status: New => Invalid

** Changed in: evolution (Ubuntu Gutsy)
   Status: New => Invalid

** Changed in: gtkhtml3.6 (Ubuntu Dapper)
   Sourcepackagename: gtkhtml3.14 => gtkhtml3.6

** Changed in: gtkhtml3.14 (Ubuntu Dapper)
   Sourcepackagename: gtkhtml3.6 => gtkhtml3.14

--
Evolution vulnerability via HTML frames
https://bugs.launchpad.net/bugs/243487