Package: dillo
Version: 0.8.1-1
Severity: grave
Tags: pending security sarge

The problem below seems to be fixed in the version in sid (0.8.3-1) but not yet in the version in sarge, hence this bug report. This bug report is meant to track this issue. Please close it when the fixed package enters sarge.

======================================================
Candidate: CAN-2005-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0012
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20050104
Category: SF
Reference: GENTOO:GLSA-200501-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-11.xml
Reference: BID:12203
Reference: URL:http://www.securityfocus.com/bid/12203
Reference: SECUNIA:13760
Reference: URL:http://secunia.com/advisories/13760/
Reference: XF:dillo-capi-format-string(18807)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18807

Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page.

Regards,

	Joey

--
There are lies, statistics and benchmarks.

Please always Cc to me when replying to me on the lists.
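
Added example, not part of the original report and not Dillo's code: the bug class named in the CVE entry, shown as a call that uses page text as the format string next to the corrected call with a constant format. `status_msg`, `show_unsafe`, `show_safe` and `renders_identically` are hypothetical names, and the inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style status-bar helper (a stand-in, not Dillo's code). */
static void status_msg(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
}

/* Before the fix: text taken from a web page is used as the format string. */
static void show_unsafe(char *out, size_t outlen, const char *page_text)
{
    status_msg(out, outlen, page_text);
}

/* After the fix: constant format string, page text passed only as data. */
static void show_safe(char *out, size_t outlen, const char *page_text)
{
    status_msg(out, outlen, "%s", page_text);
}

/* Returns 1 if both paths render the text identically,
 * 0 if the unsafe path interpreted the text as format directives. */
static int renders_identically(const char *page_text)
{
    char a[128], b[128];
    show_unsafe(a, sizeof a, page_text);
    show_safe(b, sizeof b, page_text);
    return strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed inputs. "%%" is the only directive used because it
     * consumes no argument, so the demonstration stays well-defined. */
    printf("%d\n", renders_identically("Loading index.html"));
    printf("%d\n", renders_identically("Sale: 50%% off"));
    return 0;
}
```

Declaring the helper with GCC/Clang's `format(printf, ...)` function attribute and building with `-Wformat-security` makes the compiler flag calls of the `show_unsafe` kind.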

