reassign 439927 libt1
thanks

On Tuesday 28 August 2007 04:28:00 pm Thijs Kinkhorst wrote:
> Package: php5
> Tags: security
>
> Hi,
>
> A security issue has been reported against the GD extension in PHP:
> > Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3
> > allows context-dependent attackers to execute arbitrary code via a long
> > argument to the imagepsloadfont function.
>
> I've tried to assess whether Debian is vulnerable to this, but cannot come
> to a definitive "yes" or "no". Could you please investigate?

to answer the question: yes, this is a vulnerability, albeit a rather low one. but no, it is not php that is vulnerable but libt1, as the vulnerability can be traced back there in the core dump, and this seems to be backed up by updates to http://www.securityfocus.com/bid/25079 (esp see discussion section).

sean