Package: trueprint Version: 5.3-4 Severity: grave Tags: security Justification: user security hole
trueprint has a buffer overflow vulnerability. A PoC file is attached. $ /usr/bin/trueprint foo Program received signal SIGSEGV, Segmentation fault. 0xbfffff81 in ?? () (gdb) -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-3-686-pae (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages trueprint depends on: ii libc6 2.13-38 Versions of packages trueprint recommends: ii cups-bsd [lpr] 1.5.3-5 trueprint suggests no packages. -- no debconf information
foo
Description: Binary data
