Re: Bug#786783: ufraw: CVE-2015-3885: input sanitization flaw leading to buffer overflow

To: Hubert Chathi <uhoreg@debian.org>
Cc: debian-release@lists.debian.org, Salvatore Bonaccorso <carnil@debian.org>, 786783@bugs.debian.org
Subject: Re: Bug#786783: ufraw: CVE-2015-3885: input sanitization flaw leading to buffer overflow
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Wed, 03 Jun 2015 17:55:37 +0100
Message-id: <[🔎] 203e1231b7fc0db42af191f0e7508cc5@mail.adam-barratt.org.uk>
In-reply-to: <[🔎] 87h9qoye6k.fsf@desiato.home.uhoreg.ca>
References: <20150525144000.12655.81672.reportbug@eldamar.local> <[🔎] 87h9qoye6k.fsf@desiato.home.uhoreg.ca>

On 2015-06-03 17:00, Hubert Chathi wrote:

I have fixed the security issue below for ufraw.  The security team has
marked the issue as no-dsa, but has suggested that it be fixed via
jessie-pu.  Please let us know whether this update will be allowed.  (I
understand that we'll miss the point release this Saturday.)

Here is an interdiff between the current jessie version and the updated
version:


Please file a p-u bug against the release.debian.org psuedo-package.

Regards,

Adam

Reply to:

References:
- Re: Bug#786783: ufraw: CVE-2015-3885: input sanitization flaw leading to buffer overflow
  - From: Hubert Chathi <uhoreg@debian.org>

Prev by Date: Re: Bug#786783: ufraw: CVE-2015-3885: input sanitization flaw leading to buffer overflow
Next by Date: Bug#787636: jessie-pu: package postgresql-9.4/9.4.3-0+deb8u1
Previous by thread: Re: Bug#786783: ufraw: CVE-2015-3885: input sanitization flaw leading to buffer overflow
Next by thread: Processed: haskell-hopenpgp-tools: FTBFS: Module `Data.Conduit.OpenPGP.Filter' does not export `Exp(..)'
Index(es):
- Date
- Thread