Re: any DSA for CAN-2004-1026 ?

To: debian-security@lists.debian.org
Subject: Re: any DSA for CAN-2004-1026 ?
From: Andreas Metzler <ametzler@logic.univie.ac.at>
Date: Sat, 11 Dec 2004 09:52:33 +0000 (UTC)
Message-id: <[🔎] loom.20041211T103326-370@post.gmane.org>
References: <[🔎] 41B97BC3.1040701@publicityweb.com>

Christophe Chisogne <christophe <at> publicityweb.com> writes:
> Seems imlib has multiple overflows vulnerabilities [1,2,3].

Hello,
Just to clarify: These are three different references for the same "multiple
vulnerabilities"-bug not three different vulnerabilities.
(imlib-more-xpm-fixes.patch in Suse's 188.2 is identical to Gentoo's
imlib-1.9.14-sec2.patch.

> Are Woody/Sarge vulnerable? Is a DSA in preparation for it?
[...]
> [1] imlib: Buffer overflows in image decoding
> http://www.gentoo.org/security/en/glsa/glsa-200412-03.xml
> 
> [2] CAN-2004-1026
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026
> 
> [3] SUSE Security Summary Report SUSE-SR:2004:003
> http://www.suse.de/de/security/2004_03_sr.html

Debian bugreports have already been filed: #284925 (imlib and imlib+png2) and
#285138 (imlib2).
          cu andreas

Reply to:

References:
- any DSA for CAN-2004-1026 ?
  - From: Christophe Chisogne <christophe@publicityweb.com>

Prev by Date: any DSA for CAN-2004-1026 ?
Next by Date: Re: any DSA for CAN-2004-1026 ?
Previous by thread: any DSA for CAN-2004-1026 ?
Next by thread: Re: any DSA for CAN-2004-1026 ?
Index(es):
- Date
- Thread