Per http://svn.debian.org/wsvn/secure-testing/data/embedded-code-
copies?op=file these other packages carry embedded copies of lcms and
should be investigated too.
** Also affects: openjdk-6 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: openjdk-6b18 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: gimp (Ubuntu)
Importance: Undecided
Status: New
** Also affects: ia32-libs (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
https://bugs.launchpad.net/bugs/700198
Title:
CVE-2009-0793
Status in “gimp” package in Ubuntu:
New
Status in “ia32-libs” package in Ubuntu:
New
Status in “lcms” package in Ubuntu:
New
Status in “openjdk-6” package in Ubuntu:
New
Status in “openjdk-6b18” package in Ubuntu:
New
Bug description:
Description
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and
other products, allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted image that
triggers execution of incorrect code for "transformations of monochrome
profiles."
_______________________________________________
Mailing list: https://launchpad.net/~openjdk
Post to : [email protected]
Unsubscribe : https://launchpad.net/~openjdk
More help : https://help.launchpad.net/ListHelp
