Bug#551282: advi: integer overflows in camlimages
Package: advi
Version: 1.6.0-12
Severity: serious
Tags: security
Hi,
CVE-2009-2660 and CVE-2009-3296 [0],[1] have recently been published for
camlimages. advi statically links to camlimages, so any issues in that
package are also applicable to advi. DSAs were already issued for
camlimages in etch and lenny, so advi just needs to be relinked using
those new versions. Please coordinate these updates with the security
team. It would also be useful to combine your fix with that for
CVE-2009-2295.
If you fix these vulnerabilities please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2660
http://security-tracker.debian.net/tracker/CVE-2009-2660
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3296
http://security-tracker.debian.net/tracker/CVE-2009-3296