Package: gnash
Version: 0.7.2-1
Severity: grave
Tags: security patch
Justification: user security hole

A vulnerability has been found in gnash:

CVE-2007-2500:
"server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow."

At least 0.7.2-1 in lenny is affected. Please check whether this is fixed in 0.7.2+cvs20070428.1515-1.

A patch is at http://savannah.gnu.org/bugs/?19774
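An added example, not part of the original report and not Gnash's code: a C check that walks a DEFINESPRITE body (SpriteID, FrameCount, control tags, END) and flags it when it holds more SHOWFRAME tags than its FrameCount field declares. That this mismatch is the condition behind CVE-2007-2500 is an assumption (the report only says "a large number of SHOWFRAME elements"); the function names and sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum { TAG_END = 0, TAG_SHOWFRAME = 1 };   /* SWF tag codes */

static uint32_t rd_le(const uint8_t *p, int n) {   /* little-endian read */
    uint32_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* Read one RECORDHEADER at buf[*pos]; 0 on success, -1 if the tag is truncated. */
static int read_tag(const uint8_t *buf, size_t len, size_t *pos,
                    unsigned *code, uint32_t *body_len) {
    if (len - *pos < 2) return -1;
    uint32_t h = rd_le(buf + *pos, 2);
    *pos += 2;
    *code = h >> 6;                 /* upper 10 bits: tag code */
    *body_len = h & 0x3f;           /* lower 6 bits: short length */
    if (*body_len == 0x3f) {        /* 0x3f: a 32-bit length follows */
        if (len - *pos < 4) return -1;
        *body_len = rd_le(buf + *pos, 4);
        *pos += 4;
    }
    return (len - *pos < *body_len) ? -1 : 0;
}

/* 0 = consistent, 1 = more SHOWFRAME tags than FrameCount, -1 = malformed. */
int check_sprite_body(const uint8_t *body, size_t len) {
    if (len < 4) return -1;
    uint32_t declared = rd_le(body + 2, 2), shown = 0;
    size_t pos = 4;
    for (;;) {
        unsigned code;
        uint32_t blen;
        if (read_tag(body, len, &pos, &code, &blen) != 0) return -1;
        if (code == TAG_END) return 0;
        if (code == TAG_SHOWFRAME && ++shown > declared) return 1;
        pos += blen;                /* skip the tag body (bounds checked above) */
    }
}

/* Constructed samples: sprite 1, FrameCount 1, then SHOWFRAME tag(s) and END. */
static const uint8_t SAMPLE_OK[]  = {1, 0, 1, 0, 0x40, 0, 0, 0};
static const uint8_t SAMPLE_BAD[] = {1, 0, 1, 0, 0x40, 0, 0x40, 0, 0, 0};

int main(void) {   /* exit status 0 when both samples classify as expected */
    return !(check_sprite_body(SAMPLE_OK, sizeof SAMPLE_OK) == 0 &&
             check_sprite_body(SAMPLE_BAD, sizeof SAMPLE_BAD) == 1);
}
```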