Bug#550440: advi: CVE-2009-2295 arbitrary code execution

To: Steffen Joeris <steffen.joeris@skolelinux.de>, 550440@bugs.debian.org
Cc: Michael S Gilbert <michael.s.gilbert@gmail.com>, team@security.debian.org
Subject: Bug#550440: advi: CVE-2009-2295 arbitrary code execution
From: Mehdi Dogguy <mehdi@dogguy.org>
Date: Sun, 11 Oct 2009 12:13:15 +0200
Message-id: <[🔎] 4AD1AFBB.5080600@dogguy.org>
Reply-to: Mehdi Dogguy <mehdi@dogguy.org>, 550440@bugs.debian.org
In-reply-to: <[🔎] 200910111016.42418.steffen.joeris@skolelinux.de>
References: <[🔎] 20091010002905.1e68b8d6.michael.s.gilbert@gmail.com> <[🔎] 4AD0F0A9.2020300@dogguy.org> <[🔎] 200910111016.42418.steffen.joeris@skolelinux.de>

Steffen Joeris a écrit :
> Current problem is not to rebuild advi, but that camlimages' tiffread.c seems 
> to be vulnerable as well. This should be fixed first in a follow-up DSA first. 
> Upstream doesn't seem reachable and the fedora guys don't seem to have time 
> either. Maybe you guys want to look into it?
> 

I can have a look (again :)). I'll send you something in private.

Cheers

-- 
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/

Reply to:

References:
- Bug#550440: advi: CVE-2009-2295 arbitrary code execution
  - From: Michael S Gilbert <michael.s.gilbert@gmail.com>
- Bug#550440: advi: CVE-2009-2295 arbitrary code execution
  - From: Mehdi Dogguy <mehdi@dogguy.org>
- Bug#550440: advi: CVE-2009-2295 arbitrary code execution
  - From: Steffen Joeris <steffen.joeris@skolelinux.de>

Prev by Date: ocaml-sha_1.6-1_i386.changes ACCEPTED
Next by Date: Processed: #541682 fixed
Previous by thread: Bug#550440: advi: CVE-2009-2295 arbitrary code execution
Next by thread: Bug#550441: advi: statically links to camlimages
Index(es):
- Date
- Thread