# This doesn't actually have much to do with CAN-2004-0914.
retitle 308783 libxpm4: new s_popen() function is insecure garbage
# X.Org X11R6.8.2 has code that fixes this.
tag 30783 fixed-upstream
# David Nusinow is working on this.
owne 308783 David Nusinow <dnusinow@debian.org>
# XFree86 4.1.0 in woody, which ships the Xpm library in a different
# package, has this flaw as well.
clone 308783 -1
retitle -1 xlibs: libxpm4's new s_popen() function is insecure garbage
reassign -1 xlibs
tag -1 woody
thanks

Matej,

If there is a security problem here, and I suppose there is given the
failure of s_open() to properly scrutinize its arguments as you indicate,
then please contact MITRE and ask for a CAN number, and/or ask
freedesktop.org to do so.

-- 
G. Branden Robinson                |    If atheism is a religion, then
Debian GNU/Linux                   |    health is a disease.
branden@debian.org                 |    -- Clark Adams
http://people.debian.org/~branden/ |