severity 533361 serious
thanks
Hi,
this issue got a CVE id:
CVE-2009-2175[0]:
| Stack-based buffer overflow in the flattenIncrementally function in
| flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2)
| xcf2png utilities, allows remote attackers to cause a denial of
| service (crash) and possibly execute arbitrary code via a crafted
| image that causes a conversion to a location "above or to the left of
| the canvas." NOTE: some of these details are obtained from third party
| information.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2175
http://security-tracker.debian.net/tracker/CVE-2009-2175
Cheers,
Giuseppe.