On Thu Jun 21, 2007 at 20:16:41 +0200, Stefan Fritsch wrote:
> CVE-2006-4168:
> "Integer overflow in the exif_data_load_data_entry function in
> libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to
> cause a denial of service (application crash) or execute arbitrary code
> via an image with many EXIF components, which triggers a heap-based
> buffer overflow."
>
> This is fixed in 0.6.16, see
> http://sourceforge.net/project/shownotes.php?release_id=515385
This was already fixed, for Sarge + Etch:
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00070.html
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00071.html
Steve
--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]