[Bug 16687] dia: Arbitrary code execution when importing a .svg file

bugzilla-daemon at bugzilla.ubuntu.com
Sun Oct 2 19:16:38 UTC 2005


Please do not reply to this email.  You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=16687
Ubuntu | dia





------- Additional Comments From debzilla at ubuntu.com  2005-10-02 20:16 UTC -------
Message-Id: <E1EM8dD-0005cx-00 at spohr.debian.org>
Date: Sun, 02 Oct 2005 11:32:15 -0700
From: Roland Stigge <stigge at antcom.de>
To: 330890-close at bugs.debian.org
Subject: Bug#330890: fixed in dia 0.94.0-15

Source: dia
Source-Version: 0.94.0-15

We believe that the bug you reported is fixed in the latest version of
dia, which is due to be installed in the Debian FTP archive:

dia-common_0.94.0-15_all.deb
  to pool/main/d/dia/dia-common_0.94.0-15_all.deb
dia-gnome_0.94.0-15_i386.deb
  to pool/main/d/dia/dia-gnome_0.94.0-15_i386.deb
dia-libs_0.94.0-15_i386.deb
  to pool/main/d/dia/dia-libs_0.94.0-15_i386.deb
dia_0.94.0-15.diff.gz
  to pool/main/d/dia/dia_0.94.0-15.diff.gz
dia_0.94.0-15.dsc
  to pool/main/d/dia/dia_0.94.0-15.dsc
dia_0.94.0-15_i386.deb
  to pool/main/d/dia/dia_0.94.0-15_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 330890 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Stigge <stigge at antcom.de> (supplier of updated dia package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  2 Oct 2005 19:25:21 +0200
Source: dia
Binary: dia-libs dia-common dia-gnome dia
Architecture: source i386 all
Version: 0.94.0-15
Distribution: unstable
Urgency: low
Maintainer: Debian Dia Team <pkg-dia-team at lists.alioth.debian.org>
Changed-By: Roland Stigge <stigge at antcom.de>
Description: 
 dia        - Diagram editor
 dia-common - Diagram editor (common files)
 dia-gnome  - Diagram editor (GNOME version)
 dia-libs   - Diagram editor (library files)
Closes: 330890
Changes: 
 dia (0.94.0-15) unstable; urgency=low
 .
   * Sanitize the Python SVG file handling to avoid arbitrary code execution.
     [CAN-2005-2966] (Closes: #330890)
Files: 
 506554625a802eeb4bcc648cf2f1c6d7 946 graphics optional dia_0.94.0-15.dsc
 39880ae95198c493f52ef7563a26ebf9 28521 graphics optional dia_0.94.0-15.diff.gz
 38d7500af527337d07efa6d2d536faf3 2149438 graphics optional dia-common_0.94.0-15_all.deb
 c9c9dc044919ba44e6a9171e2d04ba07 555344 graphics optional dia-libs_0.94.0-15_i386.deb
 79f84534443b62da07fcbb3671d8c9a9 176616 graphics optional dia_0.94.0-15_i386.deb
 25d2b0127c569cc0d7718cb7daa7cc6f 178066 gnome optional dia-gnome_0.94.0-15_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDQCICcaH/YBv43g8RAjfuAJ93Y/R32vZtQV/iUCVvixIb0ALBCACeJxOM
u8fw4p1hPOTXlCjpwQtDy4I=
=YoTT
-----END PGP SIGNATURE-----





-- 
Configure bugmail: http://bugzilla.ubuntu.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.



