Please sync netpbm-free 2:10.0-12.2 (main) from Debian unstable (main).
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
netpbm-free (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/netpbm-free
status new
importance wishlist
subscribe ubuntu-
Please sync netpbm-free 2:10.0-12.2 (main) from Debian unstable (main).
Explanation of the Ubuntu delta and why it can be dropped:
We can sync the package as debian has incorporated the CVE fix affecting
ubuntu
Changelog since current maverick version 2:10.0-12.1ubuntu1:
netpbm-free (2:10.0-12.2) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix stack-based buffer overflow when processing XPM
image header fields. This can result in the execution
of arbitrary code (CVE-2009-4274; Closes: #569060)
-- Nico Golde <email address hidden> Sun, 20 Jun 2010 14:27:25 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkw
wtAAoIInt+
=XGIj
-----END PGP SIGNATURE-----
ACKed.