
Bug#535909: camlimages: CVE-2009-2295 several integer overflows



Hello,

On Sun, Jul 05, 2009 at 07:38:51PM -0400, Michael S. Gilbert wrote:
> package: camlimages
> version: 2.20-8
> severity: serious
> tags: security
> 
> hello,
> 
> camlimages is vulnerable to several integer overflows [1].  this has
> not yet been fixed upstream, but has been addressed by redhat [2].
> 
> [1] http://www.ocert.org/advisories/ocert-2009-009.html
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=509531
> 

Patch has already been applied for sid version (3.0.1-2), migration to
lenny is blocked by current OCaml 3.11.1 transition. 

We need to patch lenny (2.2.0-4), but you seem to use etch (2.20-8).

Regards
Sylvain Le Gall



