Version in base suite: 2.0.4-2sarge2 Version in overlay suite: 2.0.4-2sarge3 Base version: evolution_2.0.4-2sarge2 Target version: evolution_2.0.4-2sarge3 Base file: /org/ftp.debian.org/ftp/pool/main/e/evolution/evolution_2.0.4-2sarge2.dsc Target file: /org/ftp.debian.org/ftp/pool/main/e/evolution/evolution_2.0.4-2sarge3.dsc
diff -u evolution-2.0.4/debian/changelog evolution-2.0.4/debian/changelog
--- evolution-2.0.4/debian/changelog
+++ evolution-2.0.4/debian/changelog
@@ -1,3 +1,11 @@
+evolution (2.0.4-2sarge3) oldstable-security; urgency=high
+
+ * Non-maintainer upload by the security team.
+ * Fix Encrypted Message Version Format String Vulnerability
+ (CVE-2008-0072).
+
+ -- Thijs Kinkhorst Tue, 4 Mar 2008 22:18:21 +0100
+
 evolution (2.0.4-2sarge2) oldstable-security; urgency=high
 * SECURITY: New patch, z_10_imap-negative-array-index, fixes potential
only in patch2:
unchanged:
--- evolution-2.0.4.orig/debian/patches/z_90_CVE-2008-0072.patch
+++ evolution-2.0.4/debian/patches/z_90_CVE-2008-0072.patch
@@ -0,0 +1,30 @@
+diff -ur evolution-2.0.4.orig/mail/em-format.c evolution-2.0.4/mail/em-format.c
+--- evolution-2.0.4.orig/mail/em-format.c 2004-12-06 08:47:05.000000000 +0100
++++ evolution-2.0.4/mail/em-format.c 2008-03-04 22:14:09.462136173 +0100
+@@ -1120,7 +1120,7 @@
+ opart = camel_mime_part_new();
+ valid = camel_cipher_decrypt(context, part, opart, ex);
+ if (valid == NULL) {
+- em_format_format_error(emf, stream, ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error"));
++ em_format_format_error(emf, stream, "%s", ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error"));
+ em_format_part_as(emf, stream, part, NULL);
+ } else {
+ if (emfc == NULL)
+@@ -1255,7 +1255,7 @@
+ if (valid == NULL) {
+ em_format_format_error(emf, stream, ex->desc?("Could not parse S/MIME message"):_("Could not parse S/MIME message: Unknown error"));
+ if (ex->desc)
+- em_format_format_error(emf, stream, ex->desc);
++ em_format_format_error(emf, stream, "%s", ex->desc);
+ em_format_part_as(emf, stream, part, "multipart/mixed");
+ } else {
+ if (emfc == NULL)
+@@ -1420,7 +1420,7 @@
+ if (valid == NULL) {
+ em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
+ if (ex->desc)
+- em_format_format_error(emf, stream, ex->desc);
++ em_format_format_error(emf, stream, "%s", ex->desc);
+ em_format_part_as(emf, stream, part, "multipart/mixed");
+ } else {
+ if (emfc == NULL)
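Review bot: The unchanged context lines in the inner hunks at -1255 and -1420 still pass a ternary of `_()` results (and, at -1255, an untranslated literal) to `em_format_format_error` as the format argument, so only the `ex->desc` calls follow the new `"%s"` convention. Writing them as `em_format_format_error(emf, stream, "%s", ex->desc ? _("Error verifying signature") : _("Unknown error verifying signature"));` would keep any `%` in a translation catalog from being interpreted and make every call in these error paths uniform. The patch also fixes call sites one at a time; since the function evidently takes a printf-style format, annotating its prototype (not visible here, presumably in the matching header) with `G_GNUC_PRINTF(3, 4)` would let `-Wformat-security` flag any caller this patch does not touch. All three inner hunks cut through functions whose beginnings and ends lie outside the patch, so other calls in the same functions cannot be checked from here.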