Package: libxpm4
Version: 4.3.0.dfsg.1-12
Severity: grave
Tags: security, upstream, fixed-upstream, patch
CAN-2005-0605 indicates that "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow."
Patch is here:
https://bugs.freedesktop.org/attachment.cgi?id=1909
Description is here:
https://bugs.freedesktop.org/show_bug.cgi?id=1920
Gentoo issued an advisory about this on 4 March.
Ubuntu issued an advisory about this on 7 March.
I learned about this from Linux Weekly News.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-powerpc-smp
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libxpm4 depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
-- no debconf information