[Bug 53987] Please sync libdumb (universe) from unstable
Martin Pitt
martin.pitt at ubuntu.com
Tue Jul 25 06:43:03 BST 2006
Public bug reported:
affects distros/ubuntu/libdumb
status confirmed
subscribe ubuntu-archive
Please sync libdumb (universe) from Debian unstable.
Changelog since current edgy version 1:0.9.3-4:
libdumb (1:0.9.3-5) unstable; urgency=critical

  * Set urgency=critical because of security fix.
  * debian/patches/100_CVE-2006-3668.diff:
    + Fix for CVE-2006-3668 "Heap-based buffer overflow in the it_read_envelope
      function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and
      earlier, and current CVS as of 20060716, allows user-complicit attackers
      to execute arbitrary code via a ".it" (Impulse Tracker) file with an
      enveloper with a large number of nodes." (Closes: #379064).
  * debian/control:
    + Set policy to 3.7.2.

 -- Sam Hocevar (Debian packages) <sam+deb at zoy.org>  Fri, 21 Jul 2006 11:07:45 +0200
** Affects: libdumb (Ubuntu)
Importance: Untriaged
Status: Confirmed
--
Please sync libdumb (universe) from unstable
https://launchpad.net/bugs/53987