[Bug 597957] [NEW] Please sync netpbm-free 2:10.0-12.2 (main) from Debian unstable (main).
Launchpad Bug Tracker
597957 at bugs.launchpad.net
Thu Jun 24 08:29:42 BST 2010
You have been subscribed to a public bug by Daniel Holbach (dholbach):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/netpbm-free
status new
importance wishlist
subscribe ubuntu-main-sponsors
Please sync netpbm-free 2:10.0-12.2 (main) from Debian unstable (main).
Explanation of the Ubuntu delta and why it can be dropped:
We can sync the package as debian has incorporated the CVE fix affecting
ubuntu
Changelog since current maverick version 2:10.0-12.1ubuntu1:
netpbm-free (2:10.0-12.2) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix stack-based buffer overflow when processing XPM
image header fields. This can result in the execution
of arbitrary code (CVE-2009-4274; Closes: #569060)
-- Nico Golde <nion at debian.org> Sun, 20 Jun 2010 14:27:25 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwi6WkACgkQUlfC4uPMy3QfEQCg1iHcxtpzB0lOcieHDu0etB3A
wtAAoIInt++3jEaC6pO4N9CFmfEPG+kn
=XGIj
-----END PGP SIGNATURE-----
** Affects: netpbm-free (Ubuntu)
Importance: Wishlist
Status: Triaged
--
Please sync netpbm-free 2:10.0-12.2 (main) from Debian unstable (main).
https://bugs.edge.launchpad.net/bugs/597957
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list