notfound 496851 2.22-1-6 thank you what about a getting a fix for this issue into stable?
> yelp (2.22.1-4) unstable; urgency=high > > * SECURITY: New patch, 60_format-string, fixes format string vulnerability; > bump urgency to high; CVE-2008-3533; GNOME #546364; from SVN r3173; > LP: #254860. > >> Package: yelp >> Version: 2.22.1-6 >> Severity: grave >> Tags: security >> Justification: user security hole >> >> yelp is vulnerable to attacks via badly formatted strings for certain error >> messages. ubuntu recently released a fix for this problem [1]. the issue >> is described as: >> >> Aaron Grattafiori discovered that the Gnome Help Viewer did not handle >> format strings correctly when displaying certain error messages. If a >> user were tricked into opening a specially crafted URI, a remote attacker >> could execute arbitrary code with user privileges. >> >> this may or may not be related to CVE-2008-3533 [2]. this should be >> considered a high-urgency vulnerability since it allows remote attackers >> to exectute arbitrary code. >> >> thank you for the hard work. >> >> [1] http://www.ubuntu.com/usn/usn-638-1 >> [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3533 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
