[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: imlib2
From:       Pınar Yanardağ <pinar () pardus ! org ! tr>
Date:       2008-11-21 10:06:52
Message-ID: 4926883C.5080505 () pardus ! org ! tr
[Download RAW message or body]

On 11/21/2008 03:35 AM Steven M. Christey wrote:
> SECUNIA:32796 suggests a Debian bug report, but I couldn't quickly find
> it.
>   


It seems they've added the reference today:

-----
*Changelog*:
2008-11-21: Added link to "Original Advisory" section.

*Original Advisory*:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714

----



> ======================================================
> Name: CVE-2008-5187
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187
> Reference: MLIST:[oss-security] 20081120 CVE Request: imlib2
> Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/20/5
> Reference: SECUNIA:32796
> Reference: URL:http://secunia.com/advisories/32796
>
> The load function in the XPM loader for imlib2 1.4.2, and possibly
> other versions, allows attackers to execute arbitrary code via a
> crafted XPM file that triggers a "pointer arithmetic error" and a
> heap-based buffer overflow, a different vulnerability than
> CVE-2008-2426.  NOTE: the provenance of this information is unknown;
> the details are obtained solely from third party information.
>
>
>
>   


-- 
Pınar Yanardağ (a.k.a PINguAR)
http://pinguar.org
_____________________________

Pardus Security Team
http://security.pardus.org.tr


[prev in list] [next in list] [prev in thread] [next in thread]