Diego Pettenò

#37790 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2009-6714
7.5
1970-01-01
Gnome · Evolution Data Server · CVE-2009-0587
**Name of the Vulnerable Software and Affected Versions**

- Evolution Data Server versions prior to 2.24.5
- libedataserverui1.2-6
- libedataserverui1.2-7
- libedataserverui1.2-8
- libedataserver1.2-7
- libedataserver1.2-9
- libedataserverui1.2-dev
- libedataserver1.2-dev
- libgdata1.2-1
- libgdata1.2-dev

**Description**

The issue involves multiple vulnerabilities in the Evolution Data Server and related packages in the Debian GNU/Linux operating system. These vulnerabilities can lead to disruptions in the confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be carried out remotely. The vulnerabilities include multiple integer overflows in the Evolution Data Server, which allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in certain files.

**Recommendations**

- For Evolution Data Server versions prior to 2.24.5, update to version 2.24.5 or later.
- For libedataserverui1.2-6, libedataserverui1.2-7, and libedataserverui1.2-8, consider disabling the affected packages until a patch is available.
- For libedataserver1.2-7 and libedataserver1.2-9, restrict access to the affected modules to minimize the risk of exploitation.
- For libedataserverui1.2-dev and libedataserver1.2-dev, avoid using the vulnerable functions until the issue is resolved.
- For libgdata1.2-1 and libgdata1.2-dev, consider applying configuration changes to mitigate the risk of exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability in some of the affected packages.