[Bug 1437087] Re: Multiple vulnerabilities in freexl 1.0.0
Bas Couwenberg
1437087 at bugs.launchpad.net
Fri Nov 13 11:49:06 UTC 2015
This fix for this issue caused a regression as discussed on the debian-gis list:

https://lists.debian.org/debian-gis/2015/11/msg00013.html

In Debian this has been fixed for jessie in freexl (1.0.0g-1+deb8u3) and wheezy in freexl (1.0.0b-1+deb7u3).

Ubuntu needs the same regression fix for trusty & vivid.

I've prepared updates for the Ubuntu packages in git:

http://anonscm.debian.org/cgit/pkg-grass/freexl.git/?h=ubuntu/trusty
http://anonscm.debian.org/cgit/pkg-grass/freexl.git/?h=ubuntu/vivid

Besides the fix for the regression introduced by afl-vulnerabilitities.patch, they also contain 32bit-multiplication-overflow.patch that was included in freexl (1.0.0g-1+deb8u2) for jessie-security and freexl (1.0.0b-1+deb7u2) for wheezy-security. 32bit-multiplication-overflow.patch was backported from FreeXL 1.0.2 and already included in wily & xenial.
--
https://bugs.launchpad.net/bugs/1437087

Title:
  Multiple vulnerabilities in freexl 1.0.0

Status in freexl package in Ubuntu:
  Fix Released
Status in freexl package in Debian:
  Fix Released

Bug description:
  Different vulnerabilities were found in freexl
  http://seclists.org/oss-sec/2015/q1/1004
  These are being fixed in debian (#781228).