Package: libxpm4
Version: 4.3.0.dfsg.1-12
Severity: grave
Tags: security, upstream, fixed-upstream, patch

CAN-2005-0605 indicates that "scan.c for LibXPM may allow attackers to
execute arbitrary code via a negative bitmap_unit value that leads to a
buffer overflow."

Patch is here:
https://bugs.freedesktop.org/attachment.cgi?id=1909

Description is here:
https://bugs.freedesktop.org/show_bug.cgi?id=1920

Gentoo issued an advisory about this on 4 March.
Ubuntu issued an advisory about this on 7 March.

I learned about this from Linux Weekly News.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-powerpc-smp
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libxpm4 depends on:
ii  libc6  2.3.2.ds1-20  GNU C Library: Shared libraries an

-- no debconf information

