Accepted libmms 0.2-7 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 11 Jul 2006 13:11:11 +0200
Source: libmms
Binary: libmms-dev libmms0
Architecture: source i386
Version: 0.2-7
Distribution: unstable
Urgency: high
Maintainer: Loic Minier <lool@dooz.org>
Changed-By: Loic Minier <lool@dooz.org>
Description:
libmms-dev - MMS stream protocol library - development files
libmms0 - MMS stream protocol library
Changes:
libmms (0.2-7) unstable; urgency=high
.
* SECURITY: CVE-2006-2200: buffer overflows in mms / mmsh parsers:
additional fixes thanks to Matthias Hopf:
- even more checks on "packet_length" / "packet_len" in src/mms.c and
src/mmsh.c
- fix memset() calls in the two string_utf16() implementations in
src/mms.c to clear all bytes in dest, "len" is the UTF-16 length of the
string in wide chars, so the memset should use "2 * len".
Files:
3589e26ae8b82bd6186f4823e362da21 590 libs optional libmms_0.2-7.dsc
a7af610a793c7548e556acb131decbde 21491 libs optional libmms_0.2-7.diff.gz
5d6469a82b23eb1bd0c2c664e4d7a899 25178 libdevel optional libmms-dev_0.2-7_i386.deb
7f7e0290776cd402c73b9632587d99c4 21056 libs optional libmms0_0.2-7_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEs4mE4VUX8isJIMARAmzbAJ9ZKcDSKuvdD79HNy1Iy9a3Mvr/YACeKL55
CWzxkewSIYYD1DQh7C5iSbc=
=t+bX
-----END PGP SIGNATURE-----
Accepted:
libmms-dev_0.2-7_i386.deb
to pool/main/libm/libmms/libmms-dev_0.2-7_i386.deb
libmms0_0.2-7_i386.deb
to pool/main/libm/libmms/libmms0_0.2-7_i386.deb
libmms_0.2-7.diff.gz
to pool/main/libm/libmms/libmms_0.2-7.diff.gz
libmms_0.2-7.dsc
to pool/main/libm/libmms/libmms_0.2-7.dsc
Reply to: