Re: Bug#787644: libwmf: CVE-2015-0848: heap overflow when decoding BMP images
On Fri, Jun 19, 2015 at 02:07:10PM +0200, Guido Günther wrote:
> On Tue, Jun 16, 2015 at 06:26:31AM +0200, Salvatore Bonaccorso wrote:
> > Hi,
> > A second CVE was assigned for a further issue:
> > http://www.openwall.com/lists/oss-security/2015/06/16/4
> > (CVE-2015-4588).
> Attached debdiff fixes the two CVEs on squeeze-lts. Since sid,jessie and
> wheezy ship basically the same versions it should easily apply there as
> With the patches applied I couldn't reproduce the crashes anymore as
> descibed at:
> I'd appreciate any comments / reviews before releasing the DLA.
I started to work on that for wheezy/jessie (but haven't build those
yet). I can double-check against my patches on the weekend and get
back to you.