[Bug 16687] dia: Arbitrary code execution when importing a .svg file
bugzilla-daemon at bugzilla.ubuntu.com
bugzilla-daemon at bugzilla.ubuntu.com
Tue Oct 4 10:39:50 UTC 2005
Please do not reply to this email. You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=16687
Ubuntu | dia
martin.pitt at ubuntu.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |ASSIGNED
Ever Confirmed|0 |1
Status Whiteboard| |breezy: fixed, hoary:
| |vulnerable, warty: not
| |affected
------- Additional Comments From martin.pitt at ubuntu.com 2005-10-04 11:39 UTC -------
dia (0.94.0-11ubuntu1) breezy; urgency=low
.
* SECURITY UPDATE: Fix arbitrary code execution.
* plug-ins/python/diasvg_import.py:
- Properly escape quotes to prevent python code injection in imported SVG
documents.
- CAN-2005-2966
Hoary update is in preparation.
--
Configure bugmail: http://bugzilla.ubuntu.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the desktop-bugs
mailing list