Package: gxine Version: 0.5.8-2 Severity: important Tags: security Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. NOTE: some of these details are obtained from third party information.
Reference: http://www.frsirt.com/english/advisories/2007/0259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0406 Solution: Update to version gxine 0.5.10 http://xinehq.de/index.php/news?show_category_id=1 Note: Please mention the CVE id in the changelog. regards, -- .''`. : :' : Alex de Oliveira Silva | enerv `. `' www.enerv.net `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
