Bug#572811: kfreebsd: CVE-2009-2650 potential code execution

To: submit@bugs.debian.org
Subject: Bug#572811: kfreebsd: CVE-2009-2650 potential code execution
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Sat, 6 Mar 2010 15:23:40 -0500
Message-id: <20100306152340.b70aa194.michael.s.gilbert@gmail.com>
Reply-to: Michael Gilbert <michael.s.gilbert@gmail.com>, 572811@bugs.debian.org

Package: kfreebsd-8
Version: 8.0-4
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kfreebsd-8.

CVE-2009-2650[0]:
| Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0
| Build 020124 allows remote attackers to cause a denial of service
| (application crash) or possibly execute arbitrary code via a crafted
| (1) .m3u or possibly (2) .pst file.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2650
    http://security-tracker.debian.org/tracker/CVE-2009-2650

Reply to:

Follow-Ups:
- Bug#572811: marked as done (kfreebsd: CVE-2009-2649 denial-of-service)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: ZFS tools are in zfs-fuse
Next by Date: Bug#572813: kfreebsd: null ptr dereference
Previous by thread: Re: ZFS tools are in zfs-fuse
Next by thread: Bug#572811: marked as done (kfreebsd: CVE-2009-2649 denial-of-service)
Index(es):
- Date
- Thread