Bug#535909: camlimages: CVE-2009-2295 several integer overflows

To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>, 535909@bugs.debian.org
Cc: security@debian.org
Subject: Bug#535909: camlimages: CVE-2009-2295 several integer overflows
From: Stefano Zacchiroli <zack@debian.org>
Date: Mon, 6 Jul 2009 09:38:39 +0200
Message-id: <[🔎] 20090706073839.GA4170@usha.takhisis.invalid>
Mail-followup-to: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>, 535909@bugs.debian.org, security@debian.org
Reply-to: Stefano Zacchiroli <zack@debian.org>, 535909@bugs.debian.org
In-reply-to: <[🔎] 20090705193851.87faf38f.michael.s.gilbert@gmail.com>
References: <[🔎] 20090705193851.87faf38f.michael.s.gilbert@gmail.com>

On Sun, Jul 05, 2009 at 07:38:51PM -0400, Michael S. Gilbert wrote:
> package: camlimages
> version: 2.20-8
> severity: serious
> tags: security
> 
> hello,
> 
> camlimages is vulnerable to several integer overflows [1].  this has
> not yet been fixed upstream, but has been addressed by redhat [2].

Thanks, we're aware of that. The patch has already been applied in the
unstable version and the security team has already been notified
too. Stay tuned for a fix in stable.

Cheers.

-- 
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Dietro un grande uomo c'è ..|  .  |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...........| ..: |.... Je dis tu à tous ceux que j'aime

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#535909: camlimages: CVE-2009-2295 several integer overflows
  - From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>

Prev by Date: Bug#535909: camlimages: CVE-2009-2295 several integer overflows
Next by Date: Bug#535909: camlimages: CVE-2009-2295 several integer overflows
Previous by thread: Bug#535909: camlimages: CVE-2009-2295 several integer overflows
Next by thread: Bug#535909: camlimages: CVE-2009-2295 several integer overflows
Index(es):
- Date
- Thread