retitle 507587 CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple buffer overflows thanks
Hi There is an additional CVE about buffer overflows. CVE-2009-0323[0]: | Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 | and 11.0 allow remote attackers to execute arbitrary code via (1) a | long type parameter in an input tag, which is not properly handled by | the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, | which is not properly handled by the ProcessStartGI function; and | unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to | the msgBuffer variable. NOTE: these are different vectors than | CVE-2008-6005. There are some more information available here[1]. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0323 http://security-tracker.debian.net/tracker/CVE-2009-0323 [1] http://www.coresecurity.com/content/amaya-buffer-overflows
signature.asc
Description: This is a digitally signed message part.
