Re: [Pkg-xfce-devel] xfce4 stable update for CVE-2007-6351

To: debian-release@lists.debian.org, Debian Xfce Maintainers <pkg-xfce-devel@lists.alioth.debian.org>
Subject: Re: [Pkg-xfce-devel] xfce4 stable update for CVE-2007-6351
From: Simon Huggins <huggie@earth.li>
Date: Wed, 30 Jan 2008 00:12:27 +0000
Message-id: <[🔎] 20080130001226.GV7788@paranoidfreak.co.uk>
Mail-followup-to: debian-release@lists.debian.org, Debian Xfce Maintainers <pkg-xfce-devel@lists.alioth.debian.org>
In-reply-to: <[🔎] 20080130000550.GU7788@paranoidfreak.co.uk>
References: <20080129235808.GA12993@ngolde.de> <[🔎] 20080130000550.GU7788@paranoidfreak.co.uk>

On Wed, Jan 30, 2008 at 12:05:50AM +0000, Simon Huggins wrote:
> On Wed, Jan 30, 2008 at 12:58:08AM +0100, Nico Golde wrote:
> > the following CVE (Common Vulnerabilities & Exposures) ids were
> > published for xfce4 some time ago.
> for xfce4?  These concern libexif.  Did you paste the wrong CVEs?

> > CVE-2007-6351[0]:
> > | libexif 0.6.16 and earlier allows context-dependent attackers to cause
> [..]
> > CVE-2007-6352[1]:
> > | Integer overflow in libexif 0.6.16 and earlier allows

Ah, you meant to paste 6531 and 6532 I think.

We'll have a look at them.

Thanks.

-- 
 ,--huggie-at-earth-dot-li--------stuff-thing-stuff----------DF5CE2B4--.
_|    Think of me as CVS with a brain and with some taste. - Linus     |_
 |                              Torvalds                               |
 `-------------------- http://www.earth.li/~huggie/ -------------------'

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: [Pkg-xfce-devel] xfce4 stable update for CVE-2007-6351
  - From: Simon Huggins <huggie@earth.li>

Prev by Date: Re: Bug#462596: openssl: Please include support for tls extensions / server name indication
Next by Date: Re: [Pkg-xfce-devel] xfce4 stable update for CVE-2007-6351
Previous by thread: Re: [Pkg-xfce-devel] xfce4 stable update for CVE-2007-6351
Next by thread: Please remove 'ipxripd' from etch/stable
Index(es):
- Date
- Thread