Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10880
http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html
http://www.securityfocus.com/bid/14532
http://www.securityfocus.com/archive/1/407789
http://www.redhat.com/support/errata/RHSA-2005-267.html
http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html
http://www.novell.com/linux/security/advisories/2005_54_evolution.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:141
http://www.debian.org/security/2006/dsa-1016
http://secunia.com/advisories/19380