Bug#600900: boson uses a embedded copy of vulnerable lib3ds
Silvio Cesare
silvio.cesare at gmail.com
Thu Oct 21 04:46:34 UTC 2010
Package: boson
Version: 0.13-4+b1
Severity: important
Boson uses an embedded copy of lib3ds 1.3. This version of lib3ds is
vulnerable to http://security-tracker.debian.org/tracker/CVE-2010-0280.
I have not investigated the impact of this vulnerability and how it would be
triggered by boson. The desired outcome is that the system wide library of
lib3ds be used instead of the embedded copy.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20101021/4af43127/attachment.htm>
More information about the Pkg-games-devel
mailing list