[Bug 198742] Re: [evolution] [CVE-2008-0072] format string error, possible arbitrary code execution
Has just been fixed in Debian, see DSA-1512-1 (http://www.debian.org/security/2008/dsa-1512) (link may not work until the page has been generated). -- [evolution] [CVE-2008-0072] format string error, possible arbitrary code execution https://bugs.launchpad.net/bugs/198742 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 198742] [NEW] [evolution] [CVE-2008-0072] format string error, possible arbitrary code execution
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: evolution References: SA29057 (http://secunia.com/advisories/29057/) Quoting: "Secunia Research has discovered a vulnerability in Evolution, which can be exploited by malicious people to compromise a vulnerable system. A format string error in the "emf_multipart_encrypted()" function in mail/em-format.c when displaying data (i.e. the "Version:" field) from an encrypted e-mail message can be exploited to execute arbitrary code via a specially crafted e-mail message. Successful exploitation requires that the user selects a malicious e-mail message. The vulnerability is confirmed in version 2.12.3. Other versions may also be affected." ** Affects: evolution (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-0072 -- [evolution] [CVE-2008-0072] format string error, possible arbitrary code execution https://bugs.launchpad.net/bugs/198742 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 125237] Re: [GIMP] Multiple Integer Overflow Vulnerabilities (CVE-2006-4519)
Bug report can be closed for Ubuntu since updated packages for the stable releases are available (USN-494-1). (http://www.ubuntu.com/usn/usn-494-1) -- [GIMP] Multiple Integer Overflow Vulnerabilities (CVE-2006-4519) https://bugs.launchpad.net/bugs/125237 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for gimp in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 125237] Re: [GIMP] Multiple Integer Overflow Vulnerabilities
** Visibility changed to: Public -- [GIMP] Multiple Integer Overflow Vulnerabilities https://bugs.launchpad.net/bugs/125237 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for gimp in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 123972] Gimp PSD Plugin Integer Overflow Vulnerability
Public bug reported: Binary package hint: gimp >From http://secunia.com/secunia_research/2007-63/advisory : -- Affected Software: Gimp 2.2.15 (Other versions may also be affected.) -- Severity: Rating: Moderately Critical Impact: System Access Where: Remote -- Description of Vulnerability: Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow within the function "seek_to_and_unpack_pixeldata()" in plug-ins/common/psd.c. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file with large width or height values. Successful exploitation may allow execution of arbitrary code. -- Solution: Fixed in the SVN repository. -- Credits: Discovered by Stefan Cornelius, Secunia Research. ** Affects: gimp (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-2949 -- Gimp PSD Plugin Integer Overflow Vulnerability https://bugs.launchpad.net/bugs/123972 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for gimp in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs