[Bug 16687] dia: Arbitrary code execution when importing a .svg file

bugzilla-daemon at bugzilla.ubuntu.com bugzilla-daemon at bugzilla.ubuntu.com
Sun Oct 2 19:01:45 UTC 2005 

Please do not reply to this email.  You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=16687
Ubuntu | dia





------- Additional Comments From debzilla at ubuntu.com  2005-10-02 20:01 UTC -------
Message-Id: <E1EM8Ob-0001xj-00 at spohr.debian.org>
Date: Sun, 02 Oct 2005 11:17:09 -0700
From: Roland Stigge <stigge at antcom.de>
To: control at bugs.debian.org
Cc: Roland Stigge <stigge at antcom.de>, Debian Dia Team <pkg-dia-team at lists.alioth.debian.org>
Subject: Fixed in upload of dia 0.94.0+CVS20050917-3 to experimental

tag 330890 + fixed-in-experimental

quit

This message was generated automatically in response to an
upload to the experimental distribution.  The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  2 Oct 2005 19:45:28 +0200
Source: dia
Binary: dia-libs dia-common dia-gnome dia
Architecture: source i386 all
Version: 0.94.0+CVS20050917-3
Distribution: experimental
Urgency: low
Maintainer: Debian Dia Team <pkg-dia-team at lists.alioth.debian.org>
Changed-By: Roland Stigge <stigge at antcom.de>
Description: 
 dia        - Diagram editor
 dia-common - Diagram editor (common files)
 dia-gnome  - Diagram editor (GNOME version)
 dia-libs   - Diagram editor (library files)
Closes: 330890
Changes: 
 dia (0.94.0+CVS20050917-3) experimental; urgency=low
 .
   * Sanitize the Python SVG file handling to avoid arbitary code execution.
     [CAN-2005-2966] (Closes: #330890)
Files: 
 8c64f4cbc4b6b94e3f26913464618f98 980 graphics optional dia_0.94.0+CVS20050917-3.dsc
 7874f799fb3849d68dedb6ca275156c2 15251 graphics optional dia_0.94.0+CVS20050917-3.diff.gz
 9e334ee59a4290600acac571d594d051 3754222 graphics optional dia-common_0.94.0+CVS20050917-3_all.deb
 8afd6ac766a24ad8828a3d510cf8a779 581538 graphics optional dia-libs_0.94.0+CVS20050917-3_i386.deb
 89cd40d449dfaba050a656f85ffe37ea 182672 graphics optional dia_0.94.0+CVS20050917-3_i386.deb
 e764c63b290a78e16ed17472977b4385 183834 gnome optional dia-gnome_0.94.0+CVS20050917-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDQCG5caH/YBv43g8RAggsAKC+nMQTrFL+fSM/da8fGmDowuFJLwCgiOZF
OEkuS7zLSy74VUBR0Q1CxeY=
=cZ5y
-----END PGP SIGNATURE-----





-- 
Configure bugmail: http://bugzilla.ubuntu.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the desktop-bugs mailing list