Hi, thx for the report. Attached is a patch fixing the buffer overflow. I'll prepare a new release tonight.
On Sun, Jun 28, 2009 at 7:10 PM, <metalho...@hushmail.com> wrote:
> Subject: compface: buffer overflow in xbm-file
> Package: compface
> Version: 1:1.5.2-4
> Severity: grave
> Justification: user security hole
> Tags: security
>
> *** Please type your report below this line ***
>
> please note that serious buffer overflow vuln in compface:
>
> http://milw0rm.org/exploits/8982
>
> -- System Information:
> Debian Release: 5.0.2
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages compface depends on:
> ii  libc6          2.7-18     GNU C Library: Shared libraries
> pi  libcompfaceg1  1:1.5.2-4  Compress/decompress images for mai
>
> compface recommends no packages.
>
> compface suggests no packages.
>
> -- no debconf information

--
Håkan Ardö
patch
Description: Binary data