[Python-modules-team] Bug#570068: pyfribidi: heap-based buffer overflow
Jakub Wilk
jwilk at debian.org
Tue Feb 16 08:44:03 UTC 2010

Package: pyfribidi
Version: 0.6-1
Severity: grave
Tags: security
Justification: user security hole

pyfribidi is susceptible to heap-based buffer overflows, see the
upstream bug report:
http://sourceforge.net/tracker/?func=detail&aid=2676136&group_id=158366&atid=807545

Unfortunately, the upstream "fix" for this problem introduced in
pyfribidi 0.9 only made the bug more blatant.

According to the original reporter, pyfribidi is affected only if
fribidi >= 0.19.1 is installed. If this is actually the case, the bug is
a non-issue for lenny.

--
Jakub Wilk