Re: any DSA for CAN-2004-1026 ?
Christophe Chisogne <christophe <at> publicityweb.com> writes:
> Seems imlib has multiple overflows vulnerabilities [1,2,3].
Hello,
Just to clarify: These are three different references for the same "multiple
vulnerabilities"-bug not three different vulnerabilities.
(imlib-more-xpm-fixes.patch in Suse's 188.2 is identical to Gentoo's
imlib-1.9.14-sec2.patch.
> Are Woody/Sarge vulnerable? Is a DSA in preparation for it?
[...]
> [1] imlib: Buffer overflows in image decoding
> http://www.gentoo.org/security/en/glsa/glsa-200412-03.xml
>
> [2] CAN-2004-1026
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026
>
> [3] SUSE Security Summary Report SUSE-SR:2004:003
> http://www.suse.de/de/security/2004_03_sr.html
Debian bugreports have already been filed: #284925 (imlib and imlib+png2) and
#285138 (imlib2).
cu andreas
Reply to: