Bug#400303: fvwm: CRLF injection in fvwm-menu-directory (CVE-2006-5969) also in stable

Fri, 24 Nov 2006 20:41:55 -0800 

Package: fvwm
Version: 2.5.12-5
Severity: grave
Tags: stable, security

Hi,

the CRLF injection in fvwm-menu-directory (CVE-2006-5969) as
documented at

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5969
http://www.gentoo-portage.com/x11-wm/fvwm/ChangeLog
http://thread.gmane.org/gmane.comp.window-managers.fvwm.devel/2419/focus=2419

which has been fixed in Sid with the upload of 1:2.5.18-2 on 10th of
November 2006 also exist in Sarge's version of fvwm and should be
fixed there, too.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.33.2-1-dphys-k8-smp-64gb
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages fvwm depends on:
ii  gdk-imlib1         1.9.14-16.2           imaging library for use with gtk (
ii  libc6              2.3.2.ds1-22sarge4    GNU C Library: Shared libraries an
ii  libfontconfig1     2.3.1-2               generic font configuration library
ii  libfreetype6       2.1.7-6               FreeType 2 font engine, shared lib
ii  libfribidi0        0.10.4-6              Free Implementation of the Unicode
ii  libglib1.2         1.2.10-9              The GLib library of C routines
ii  libgtk1.2          1.2.10-17             The GIMP Toolkit set of widgets fo
ii  libice6            4.3.0.dfsg.1-14sarge2 Inter-Client Exchange library
ii  libncurses5        5.4-4                 Shared libraries for terminal hand
ii  libpng12-0         1.2.8rel-1            PNG library - runtime
ii  libreadline4       4.3-11                GNU readline and history libraries
ii  librplay3          3.3.2-8               Shared libraries for the rplay net
ii  libsm6             4.3.0.dfsg.1-14sarge2 X Window System Session Management
ii  libstroke0         0.5.1-4               support for mouse strokes like tho
ii  libx11-6           4.3.0.dfsg.1-14sarge2 X Window System protocol client li
ii  libxext6           4.3.0.dfsg.1-14sarge2 X Window System miscellaneous exte
ii  libxft2            2.1.7-1               FreeType-based font drawing librar
ii  libxi6             4.3.0.dfsg.1-14sarge2 X Window System Input extension li
ii  libxpm4            4.3.0.dfsg.1-14sarge2 X pixmap library
ii  libxrender1        0.8.3-7               X Rendering Extension client libra
ii  xlibs              4.3.0.dfsg.1-14sarge2 X Keyboard Extension (XKB) configu
ii  zlib1g             1:1.2.2-4.sarge.2     compression library - runtime

-- debconf information:
  fvwm/upgrade/pre_2.5.8: false


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to