On Thu Jun 21, 2007 at 20:16:41 +0200, Stefan Fritsch wrote:
> CVE-2006-4168:
> "Integer overflow in the exif_data_load_data_entry function in
> libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to
> cause a denial of service (application crash) or execute arbitrary code
> via an image with many EXIF components, which triggers a heap-based
> buffer overflow."
>
> This is fixed in 0.6.16, see
> http://sourceforge.net/project/shownotes.php?release_id=515385

This was already fixed, for Sarge + Etch:

http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00070.html
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00071.html

Steve
--