Hi,
as the maintainer of imlib2 is MIA, I'm going to upload a
0-day NMU.

debdiff attached and archived on:
http://people.debian.org/~nion/nmu-diff/imlib2-1.4.0-1_1.4.0-1.1.patch

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u imlib2-1.4.0/debian/changelog imlib2-1.4.0/debian/changelog
--- imlib2-1.4.0/debian/changelog
+++ imlib2-1.4.0/debian/changelog
@@ -1,3 +1,11 @@
+imlib2 (1.4.0-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix stack-based buffer overflow in pnm and xpm image loader modules
+    leading to arbitrary code execution (CVE-2008-2426; Closes: #483816).
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Sat, 31 May 2008 14:14:50 +0200
+
 imlib2 (1.4.0-1) unstable; urgency=low
 
   * New upstream version
only in patch2:
unchanged:
--- imlib2-1.4.0.orig/src/modules/loaders/loader_xpm.c
+++ imlib2-1.4.0/src/modules/loaders/loader_xpm.c
@@ -284,7 +284,7 @@
                                  if (line[k] != ' ')
                                    {
                                       s[0] = 0;
-                                      sscanf(&line[k], "%65535s", s);
+                                      sscanf(&line[k], "%255s", s);
                                       slen = strlen(s);
                                       k += slen;
                                       if (!strcmp(s, "c"))
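Review bot: The new field width in `sscanf(&line[k], "%255s", s);` is a bare literal that is only safe while `s` holds at least 256 bytes, and the declaration of `s` lies outside this hunk, so the bound cannot be confirmed from here. I would tie the two together, either with a comment on the call such as `/* width must stay at sizeof(s) - 1 */` or by building the format from the same constant that sizes `s`. A token longer than 255 characters is now split rather than rejected: `k += slen` advances only past the part that was read, so the remainder is presumably parsed as a separate token on the next pass of the enclosing loop, which is not visible in this hunk. If that is not intended, the loader should treat an overlong token as a malformed file.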
only in patch2:
unchanged:
--- imlib2-1.4.0.orig/src/modules/loaders/loader_pnm.c
+++ imlib2-1.4.0/src/modules/loaders/loader_pnm.c
@@ -68,7 +68,7 @@
              int                 i = 0;
 
              /* read numbers */
-             while (c != EOF && !isspace(c))
+             while (c != EOF && !isspace(c) && (i<255))
                {
                   buf[i++] = c;
                   c = fgetc(f);
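Review bot: The added `(i<255)` guard stops the write past `buf`, but an overlong numeric token is now silently truncated: the loop exits with `c` still holding a non-space character, and the code after the loop (outside this hunk) will most likely read the remaining digits as the start of the next header value. For a malformed header it would be safer to fail the load when the loop ends because the limit was hit rather than because of whitespace or EOF. The literal 255 also duplicates the size of `buf`, which is declared outside the hunk; if `buf` is an array in this scope, `i < (int)sizeof(buf) - 1` keeps the bound and the declaration in sync and leaves room for the terminator.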
