Bug#551282: advi: integer overflows in camlimages



Package: advi
Version: 1.6.0-12
Severity: serious
Tags: security

Hi,

CVE-2009-2660 and CVE-2009-3296 [0],[1] have recently been published for
camlimages. advi statically links to camlimages, so any issues in that
package are also applicable to advi. DSAs were already issued for
camlimages in etch and lenny, so advi just needs to be relinked using
those new versions.  Please coordinate these updates with the security
team.  It would also be useful to combine your fix with that for
CVE-2009-2295.

If you fix these vulnerabilities please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2660
    http://security-tracker.debian.net/tracker/CVE-2009-2660
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3296
    http://security-tracker.debian.net/tracker/CVE-2009-3296


