List: oss-security
Subject: Re: [oss-security] CVE Request: imlib2
From: Pınar Yanardağ <pinar () pardus ! org ! tr>
Date: 2008-11-21 10:06:52
Message-ID: 4926883C.5080505 () pardus ! org ! tr
On 11/21/2008 03:35 AM Steven M. Christey wrote:
> SECUNIA:32796 suggests a Debian bug report, but I couldn't quickly find
> it.
>
It seems they've added the reference today:
-----
*Changelog*:
2008-11-21: Added link to "Original Advisory" section.
*Original Advisory*:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714
----
> ======================================================
> Name: CVE-2008-5187
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187
> Reference: MLIST:[oss-security] 20081120 CVE Request: imlib2
> Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/20/5
> Reference: SECUNIA:32796
> Reference: URL:http://secunia.com/advisories/32796
>
> The load function in the XPM loader for imlib2 1.4.2, and possibly
> other versions, allows attackers to execute arbitrary code via a
> crafted XPM file that triggers a "pointer arithmetic error" and a
> heap-based buffer overflow, a different vulnerability than
> CVE-2008-2426. NOTE: the provenance of this information is unknown;
> the details are obtained solely from third party information.
>
>
>
>
--
Pınar Yanardağ (a.k.a PINguAR)
http://pinguar.org
_____________________________
Pardus Security Team
http://security.pardus.org.tr