Double-free vulnerability
Bug #190021 reported by
Lionel Le Folgoc
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libxfcegui4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Fix Released
|
High
|
Gauvain Pocentek | ||
Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Fix Released
|
High
|
Gauvain Pocentek | ||
Gutsy |
Fix Released
|
High
|
Gauvain Pocentek | ||
Hardy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Double-free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."
CVE References
Changed in libxfcegui4: | |
status: | New → Fix Released |
Changed in libxfcegui4: | |
status: | New → Invalid |
Changed in libxfcegui4: | |
status: | Invalid → Won't Fix |
assignee: | nobody → gauvainpocentek |
importance: | Undecided → High |
status: | New → In Progress |
assignee: | nobody → gauvainpocentek |
importance: | Undecided → High |
status: | New → In Progress |
assignee: | nobody → gauvainpocentek |
importance: | Undecided → High |
status: | New → In Progress |
To post a comment you must log in.
These 3 debdiffs build fine, and the resulting packages build/upgrade/ remove/ purge fine too. I'll test them tomorrow.