Hi Moritz,

On 18.08.2015 at 15:37, Moritz Muehlenhoff wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3337-1                   security@debian.org
> https://www.debian.org/security/                       Moritz Muehlenhoff
> August 18, 2015                       https://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package        : gdk-pixbuf
> CVE ID         : CVE-2015-4491
>
> Gustavo Grieco discovered a heap overflow in the processing of BMP images
> which may result in the execution of arbitrary code if a malformed image
> is opened.
>
> For the oldstable distribution (wheezy), this problem has been fixed
> in version 2.26.1-1+deb7u1.
>
> For the stable distribution (jessie), this problem has been fixed in
> version 2.31.1-2+deb8u2.

Thanks for taking care of this.

From a cursory glance, the patch in 2.31.1-2+deb8u2 seems to be incomplete and is missing the follow-up commit [1].

I'll update the package in unstable. Would be great if you can handle the stable upload.

Regards,
Michael

[1] https://git.gnome.org/browse/gdk-pixbuf/commit/?id=8dba67cb4f38d62a47757741ad41e3f245b4a32a

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?