[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#550440: advi: CVE-2009-2295 arbitrary code execution

Michael S Gilbert a écrit :
> Package: advi
> Version: 1.6.0-12
> Severity: serious
> Tags: security
> 
> Hi,
> 
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for camlimages.  advi statically links to camlimages, so any
> issues in that package are also applicable to advi.  There were already
> updates to camlimages for etch an lenny, so advi just needs to be
> relinked using those new versions.  Please coordinate these updates with
> the security team.
> 

During last July, Thijs Kinkhorst had some problems to build correctly
build advi on etch because of the LaTeX bomb :)
I've no idea how to fix that issue but, at that time, Moritz Muehlenhoff
mentioned that the problem was fixed in oldstable-proposed and suggested
to use it as a workaround.
Has someone tried to build advi again on etch?

(CC-ing the security team to have more informations)

Cheers,

-- 
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/
Reply to: