Package: bmv Version: 1.2-17 Severity: grave Tags: security Justification: user security hole
An integer overflow in bmv can lead to a local privilege escalation. Please see http://felinemenace.org/advisories/bmv_advisory.txt for details. This has been assigned CVE-2005-3278, please mention so in the changelog. The advisory mentions another vulnerability, which doesn't affect the binary package, this has been assigned CVE-2005-3279. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-rc1 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages bmv depends on: ii gs-gpl [gs] 8.15-4 The GPL Ghostscript PostScript int ii libc6 2.3.5-7 GNU C Library: Shared libraries an ii libsvga1 1:1.4.3-22 console SVGA display libraries bmv recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
