I see, well according to the bug report, its fixed in 2.5.2-1. I tested that version itself and sadly the fix isn't there.
On Sun, Dec 13, 2009 at 1:29 AM, Patroklos Argyroudis <[email protected]>wrote: > On Sat, Dec 12, 2009 at 10:59:28PM +0200, Razuel Akaharnath wrote: > > DESCRIPTION: > > "The gif2png program converts files from the obsolescent Graphic > Interchange > > Format to Portable Network Graphics <http://www.libpng.org/pub/png/>. > The > > conversion preserves all graphic information, including transparency, > > perfectly. The gif2png program can even recover data from corrupted > GIFs." > > > > homepage: http://catb.org/~esr/gif2png/<http://catb.org/%7Eesr/gif2png/>< > http://catb.org/%7Eesr/gif2png/> > > > > VULNERABILITY: > > gif2png does not perform proper bounds checking on the size of input > > filename. The buffer (1025 in size) is easily overrun with a strcpy > > function. > > > > AFFECTED VERSION: > > latest: 2.5.2 > > I have reported this to Debian about two months ago: > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978 > > -- > Patroklos Argyroudis > http://www.census-labs.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
