Package: lcms Severity: important Tags: security Hi, a minor denial of service security issue has been found in lcms:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0793: cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." Patch available at: https://bugzilla.redhat.com/attachment.cgi?id=337279 This issue doesn't warrant a DSA by itself. If you want to see it fixed, you could prepare an update for a stable point update. In that case, please send a proposed debdiff to debian-rele...@lists.debian.org Cheers, Moritz -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.29-2-686 (SMP w/1 CPU core) Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
