Package: dia
Version: 0.95.0-3
Severity: normal
Tags: security patch

CVE-2006-2480: "Format string vulnerability in Dia 0.94 allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a .bmp filename. NOTE: since the exploit occurs through a command line argument, it is possible that this is not a vulnerability, unless there exist typical mechanisms under which the filename is automatically provided to Dia via another product, such as a browser."

This is GNOME Bugzilla #342111 [1]; there is a proposed patch [2] attached to that entry.

Although the CVE mentions only version 0.94, Debian's 0.95.0-3 is vulnerable, and I am able to reproduce the issue with the instructions in Bugzilla. With the patch applied, Dia no longer crashes but gives a "can't open" message.

Please mention the CVE number in your changelog.

Thanks,
Alec

[1] http://bugzilla.gnome.org/show_bug.cgi?id=342111
[2] http://bugzilla.gnome.org/attachment.cgi?id=65665&action=view
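
The bug class described in the report, as an added example that is not part of the original message and is not Dia's code: `message_error` and the two `report_open_failure_*` functions are hypothetical stand-ins, and the message wording is assumed. The constructed filename contains only `%%`, which consumes no argument, so the difference between the flawed and the hardened call is visible without undefined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_message[256];   /* what the user would be shown */

/* Hypothetical printf-style error reporter (stand-in, not Dia's API). */
static const char *message_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_message, sizeof last_message, fmt, ap);
    va_end(ap);
    return last_message;
}

/* Flawed pattern: text that embeds the filename is passed as the format,
 * so any conversion directive in the filename is interpreted. */
const char *report_open_failure_unsafe(const char *filename)
{
    char buf[256];
    snprintf(buf, sizeof buf, "can't open %s", filename);
    return message_error(buf);
}

/* Hardened pattern: constant format, filename passed only as data. */
const char *report_open_failure_safe(const char *filename)
{
    return message_error("can't open %s", filename);
}

int main(void)
{
    /* Constructed sample name; "%%" takes no argument, so both calls are
     * well defined while still showing which one parses the filename. */
    const char *name = "a%%b.bmp";
    printf("unsafe: %s\n", report_open_failure_unsafe(name));
    printf("safe:   %s\n", report_open_failure_safe(name));
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags this pattern at compile time when the reporter is declared with `__attribute__((format(printf, 1, 2)))`.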