Bug#535909: camlimages: CVE-2009-2295 several integer overflows
Hello,
On Sun, Jul 05, 2009 at 07:38:51PM -0400, Michael S. Gilbert wrote:
> package: camlimages
> version: 2.20-8
> severity: serious
> tags: security
>
> hello,
>
> camlimages is vulnerable to several integer overflows [1]. this has
> not yet been fixed upstream, but has been addressed by redhat [2].
>
> [1] http://www.ocert.org/advisories/ocert-2009-009.html
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=509531
>
Patch has already been applied for sid version (3.0.1-2), migration to
lenny is blocked by current OCaml 3.11.1 transition.
We need to patch lenny (2.2.0-4), but you seems to use etch (2.20-8).
Regards
Sylvain Le Gall
Reply to: