Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-2480: dia format string vulnerability https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192535 j.w.r.degoede(a)hhs.nl changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |0.95-2 ------- Additional Comments From j.w.r.degoede(a)hhs.nl 2006-05-20 08:45 EST ------- Fixed using the patch attached to upstream's BZ (after checking / verifying it). The fix has been imported into CVS, build and pushed for FC-5 and devel. I assume the Security Response Team will take care of the security announcement? And yes, this most definetly is a vulnerability. The current example of the string format vulnerability is rather harmless, but I _think_ it will be possbile to exploit this by getting people to open malformed files with dia. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.