[Bug 305623] [NEW] Possible string format attack

Emilio Pozuelo Monfort Fri, 05 Dec 2008 14:56:34 -0800

*** This bug is a security vulnerability ***

Public security bug reported:


Binary package hint: vinagre

There's a security issue in Vinagre, where a user could cause a string
format attack.

These are the relevant upstream commits:
http://svn.gnome.org/viewvc/vinagre?view=revision&revision=528 (for hardy)
http://svn.gnome.org/viewvc/vinagre?view=revision&revision=525 (for intrepid 
and jaunty)

The problem is in src/vinagre-utils.c @ vinagre_utils_show_error, which
is used in vinagre-commands.c @ vinagre_cmd_machine_open via
vinagre_utils_show_many_errors.

The affected releases are Hardy, Intrepid and Jaunty.

Thanks Kees and James for your help!

** Affects: vinagre (Ubuntu)
     Importance: High
         Status: Triaged

** Affects: vinagre (Ubuntu Hardy)
     Importance: Undecided
         Status: New

** Affects: vinagre (Ubuntu Intrepid)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** Changed in: vinagre (Ubuntu)
   Importance: Undecided => High
       Status: New => Triaged

-- 
Possible string format attack
https://bugs.launchpad.net/bugs/305623
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to vinagre in ubuntu.

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 305623] [NEW] Possible string format attack

Reply via email to