Several format string bugs allowed remote attackers to cause evolution to crash or even execute code via full vCard data, contact data from remote LDAP servers, task list data from remote servers (CAN-2005-2549) or calendar entries (CAN-2005-2550).
There is no known workaround, please install the update packages.