Package: stlport5
Version: 5.0.2-11
Severity: normal
Tags: security

CVE-2007-0803 says[1]:

'Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor."'

Upstream 5.0.3 fixes[2] the problems. It is unclear if there are applications in Debian using stlport5 that are vulnerable as a result of these flaws.

It seems that stlport5.1 and stlport4.6 share a similar code path, and may need fixing too.

Thanks,

-Kees

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0803
[2] http://sourceforge.net/project/shownotes.php?release_id=483468

--
Kees Cook @outflux.net