User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10 see bug 257314 comment 17 mozilla's source tree should include the latest CVS version of libical from sf.net since the latest release (libical-0.24.RC4) includes a possible buffer overflow. Reproducible: Always Steps to Reproduce:

Mostafa can correct me if I'm wrong, but I believe fixes have been made to the mozilla copy of libical. The thought occurred to me just this morning that merging them is probably a good idea. I suspect each has fixes that the other does not.

john: while i don't doubt that some fixes have been made to the mozilla copy of libical, the particular potential buffer overflow mentioned in bug 257315 is still there. compare: http://lxr.mozilla.org/seamonkey/source/other-licenses/libical/src/libicalvcal/vobject.c#1253 to: http://cvs.sourceforge.net/viewcvs.py/freeassociation/libical/src/libicalvcal/vobject.c?r1=1.3&r2=1.4 i agree that a merge is the correct course of action.

I should have been more clear. I didn't mean to suggest that this bug was fixed in the mozilla copy, just that the they need to be merged and that the merged copy may well resolve this issue.

confirming due to comments.

this is fixed with bug 273447

*** This bug has been marked as a duplicate of 273447 ***

The bugspam monkeys have been set free and are feeding on Calendar :: Internal Components. Be afraid for your sanity!