
Bug#298939: libxpm4: new buffer overflow security hole (CAN-2005-0605)



Package: libxpm4
Version: 4.3.0.dfsg.1-12
Severity: grave
Tags: security, upstream, fixed-upstream, patch

CAN-2005-0605 indicates that "scan.c for LibXPM may allow attackers to
execute arbitrary code via a negative bitmap_unit value that leads to a
buffer overflow."

Patch is here:

https://bugs.freedesktop.org/attachment.cgi?id=1909

Description is here:

https://bugs.freedesktop.org/show_bug.cgi?id=1920

Gentoo issued an advisory about this on 4 March.

Ubuntu issued an advisory about this on 7 March.

I learned about this from Linux Weekly News.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-powerpc-smp
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libxpm4 depends on:
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an

-- no debconf information
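The CVE text above describes the general class of bug: a signed size-like field (here bitmap_unit) read from an untrusted file and used in buffer-size arithmetic without a range check. The following C code is an added illustration by the editor, not libXpm's scan.c or the linked upstream patch; it assumes, following the XImage conventions in Xlib, that a valid bitmap_unit is exactly 8, 16 or 32 bits, and that a scanline's byte length is width pixels rounded up to a whole number of units. The function names are invented for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Accept only the bitmap_unit values Xlib defines for an XImage.
 * A negative or otherwise bogus value (as in CAN-2005-0605) is rejected
 * before it can reach any size computation. */
int xpm_bitmap_unit_ok(int bitmap_unit)
{
    return bitmap_unit == 8 || bitmap_unit == 16 || bitmap_unit == 32;
}

/* Bytes needed for one scanline of `width` pixels packed into
 * bitmap_unit-bit units.  Returns 0 on any invalid or overflowing input,
 * so a caller can never allocate or copy based on a wrapped value. */
size_t xpm_bytes_per_line(unsigned int width, int bitmap_unit)
{
    if (!xpm_bitmap_unit_ok(bitmap_unit) || width == 0)
        return 0;

    unsigned int unit = (unsigned int)bitmap_unit;

    /* Guard the round-up addition against unsigned wrap-around. */
    if (width > UINT_MAX - (unit - 1))
        return 0;

    unsigned int units = (width + unit - 1) / unit;
    return (size_t)units * (unit / 8);
}

/* Copy one scanline from src into dst only if both buffers are large
 * enough for the computed length.  Returns bytes copied, or 0 if the
 * request was rejected (nothing is written to dst in that case). */
size_t xpm_copy_scanline(unsigned char *dst, size_t dst_len,
                         const unsigned char *src, size_t src_len,
                         unsigned int width, int bitmap_unit)
{
    size_t need = xpm_bytes_per_line(width, bitmap_unit);
    if (need == 0 || need > dst_len || need > src_len)
        return 0;
    memcpy(dst, src, need);
    return need;
}
```

The point of routing every size through one checked function is that a header field taken from the image file can never be negative, zero or large enough to wrap by the time memcpy sees it; a parser that instead trusts the field and computes sizes inline is the pattern the CVE describes.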


