Daniel Kobras wrote:
> The attached patches fix a regression introduced while trying to plug
> CVE-2006-5456. It's due to a textbook example of a coding error that I
> cannot blame on anybody else but me. A malicious image file in PALM
> format can still circumvent a range check and cause a buffer overflow.
> Other vendors refer to this vulnerability as CVE-2007-0770. The new patch
> appears to originate from Vladimir Nadvornik, at least I dug it out of
> his OpenSuSE packages. I'll fix my own mess in unstable unless Ryuichi
> objects. As sarge is affected as well, I'd like to ask the security team
> to release another DSA. The debdiffs for both sid and sarge are
> attached.

Thanks, update is building.

Cheers,
Moritz