Re: [DSA 694-1] New xloadimage packages fix several vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: [DSA 694-1] New xloadimage packages fix several vulnerabilities
From: bob@proulx.com (Bob Proulx)
Date: Tue, 22 Mar 2005 10:02:03 -0700
Message-id: <[🔎] 20050322170203.GA15592@dementia.proulx.com>

> Package        : xloadimage
> Vulnerability  : missing input sanitising, integer overflow
> CVE ID         : CAN-2005-0638 CAN-2005-0639
> Debian Bug     : 298926

But the latest security upload changed the dependencies.  Obviously
that was unintentional.  But it is still a bad thing.

From:

  Depends: libc6 (>= 2.2.4-4), libjpeg62, libpng2(>=1.0.12), libtiff3g, xlibs (>> 4.1.0), zlib1g (>= 1:1.1.3)

To:

  Depends: libc6 (>= 2.2.4-4), libjpeg62, libpng3, libtiff3g, xlibs (>> 4.1.0), zlib1g (>= 1:1.1.4)
 
This means that an 'apt-get upgrade' will not satisfy the dependencies
of libpng3 and a dist-upgrade is required.

Can a new upload be made that fixes this problem?

Thanks
Bob

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: [DSA 694-1] New xloadimage packages fix several vulnerabilities
  - From: bob@proulx.com (Bob Proulx)

Prev by Date: Re: xpdf vulnerability?
Next by Date: unsubscribe
Previous by thread: subscribe
Next by thread: Re: [DSA 694-1] New xloadimage packages fix several vulnerabilities
Index(es):
- Date
- Thread