Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 21 Nov 2008 12:06:52 +0200
From: Pınar Yanardağ <pinar@...dus.org.tr>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: imlib2

On 11/21/2008 03:35 AM Steven M. Christey wrote:
> SECUNIA:32796 suggests a Debian bug report, but I couldn't quickly find
> it.
>   


It seems they've added the reference today:

-----
*Changelog*:
2008-11-21: Added link to "Original Advisory" section.

*Original Advisory*:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714

----



> ======================================================
> Name: CVE-2008-5187
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187
> Reference: MLIST:[oss-security] 20081120 CVE Request: imlib2
> Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/20/5
> Reference: SECUNIA:32796
> Reference: URL:http://secunia.com/advisories/32796
>
> The load function in the XPM loader for imlib2 1.4.2, and possibly
> other versions, allows attackers to execute arbitrary code via a
> crafted XPM file that triggers a "pointer arithmetic error" and a
> heap-based buffer overflow, a different vulnerability than
> CVE-2008-2426.  NOTE: the provenance of this information is unknown;
> the details are obtained solely from third party information.
>
>
>
>   


-- 
Pınar Yanardağ (a.k.a PINguAR)
http://pinguar.org
_____________________________

Pardus Security Team
http://security.pardus.org.tr

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ