Hello,
Same issue as my previous emails. camlimages is modified in Ubuntu. I
think the security issue is fixed in the latest Debian package.
(confirmation?) What about the comma added to the Build: header?
https://patches.ubuntu.com/c/camlimages/camlimages_1:3.0.1-1ubuntu1.patch
diff -pruN 1:3.0.1-1/debian/changelog 1:3.0.1-1ubuntu1/debian/changelog
--- 1:3.0.1-1/debian/changelog 2009-07-07 18:20:29.000000000 +0100
+++ 1:3.0.1-1ubuntu1/debian/changelog 2009-07-07 18:17:32.000000000 +0100
@@ -1,3 +1,12 @@
+camlimages (1:3.0.1-1ubuntu1) karmic; urgency=low
+
+ * debian/patches/fix_integer_overflows.dpatch:
+ Add patch from ocamlimages 1:3.0.1-2 to fix CVE-2009-2295 as we don't want
+ to transition to OCaml 3.11.1 yet.
+ * debian/control: Add missing comma in Build-Depends (lp: #391546).
+
+ -- Michael Bienia <geser@ubuntu.com> Tue, 07 Jul 2009 16:54:47 +0200
+
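Review bot: In the first bullet of the new changelog entry, the origin of the backported fix is given as "ocamlimages 1:3.0.1-2", but the source package in this diff is camlimages; correct the name so the CVE-2009-2295 fix can be traced to the Debian upload it was taken from. The entry also names debian/patches/fix_integer_overflows.dpatch while this hunk only touches debian/changelog, so the rest of the diff should be checked to confirm that the dpatch file is actually shipped and applied, and that the debian/control change is limited to the Build-Depends comma.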