On Sun, 13 Dec 2009 20:32:25 +0100 Erik Schanze wrote:
> Hi Michael,
>
> Michael Gilbert <[email protected]>:
> > It is claimed that 2.5.2-1 is still affected by this issue [0].
> > Please check. Thank you.
> >
>
> Please have a look on package changelog:
> * Added 10_fix_gif2png_c.dpatch, closes: #550978
>
> Because upstream didn't answer my bug forwarding, I added a fix for this
> issue as a dpatch in the package by myself.
>
> Afterwards I checked with the suggested exploit:
> --------------------8<---------------------------------------8<------------------------
> e...@neo:~$ gif2png `python -c 'print "A"*2048'` [...]
> File name too long
> --------------------8<---------------------------------------8<------------------------

ok, i just wanted to see if there was any validity to the full
disclosure claims. they said they tested against 2.5.2-1, but they very
well could have been mistaken. looks like this can be safely closed.

mike

