Summary: CVE-2006-2480: dia format string vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192535
j.w.r.degoede(a)hhs.nl changed:
What             |Removed |Added
----------------------------------------------------------------------------
Status           |NEW     |CLOSED
Resolution       |        |CURRENTRELEASE
Fixed In Version |        |0.95-2
------- Additional Comments From j.w.r.degoede(a)hhs.nl 2006-05-20 08:45 EST -------
Fixed using the patch attached to upstream's BZ (after checking / verifying it).
The fix has been imported into CVS, built and pushed for FC-5 and devel.
I assume the Security Response Team will take care of the security announcement?
And yes, this most definitely is a vulnerability. The current example of the
string format vulnerability is rather harmless, but I _think_ it will be
possible to exploit this by getting people to open malformed files with dia.