[Pkg-kde-extras] Bug#456760: exiv2: CVE-2007-6353 integer overflow in EXIF parsing
Nico Golde
nion at debian.org
Mon Dec 17 17:42:53 UTC 2007
Package: exiv2
Severity: grave
Tags: patch security
Hi,
an integer overflow was reported in exiv2's EXIF parsing
code which results in a heap-based buffer overflow.
This is CVE-2007-6353; please include the CVE id in your
changelog if you fix the bug.
Because our stable security team is not able to share
information and work together with the testing security team
I can unfortunately just forward you to the bug trackers of
other distributions.
Please see:
https://bugzilla.redhat.com/show_bug.cgi?id=425921
https://bugs.gentoo.org/show_bug.cgi?id=202351
They also include a patch for the issue.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.