retitle 546730 CVE-2007-6731, CVE-2007-6732: Multiple buffer overflows
tag 546730 lenny etch
fixed 546730 2.6.1-1
thanks

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for xmp.

CVE-2007-6731[0]:
| Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers
| to execute arbitrary code via an OXM file with a negative value, which
| bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in
| misc/oxm.c, leading to a buffer overflow.

CVE-2007-6732[1]:
| Multiple buffer overflows in the dtt_load function in
| loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier
| allow remote attackers to execute arbitrary code via unspecified
| vectors related to an untrusted length value and the (1) pofs and (2)
| plen arrays.

These are already fixed in Debian unstable. Please coordinate with the
security team (t...@security.debian.org) to prepare packages for the
stable and oldstable releases.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6731
    http://security-tracker.debian.net/tracker/CVE-2007-6731
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6732
    http://security-tracker.debian.net/tracker/CVE-2007-6732
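Added example, not part of the original message and not XMP's code: the bug class named in CVE-2007-6731, a signed length that passes an upper-bound-only check, shown beside a hardened check. The record layout, function names and BUF_MAX are hypothetical, and the sample records are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_MAX 64 /* hypothetical destination size */

/* Constructed sample records: 4-byte little-endian length, then data. */
static const uint8_t rec_ok[]    = {3, 0, 0, 0, 'a', 'b', 'c'};
static const uint8_t rec_neg[]   = {0xff, 0xff, 0xff, 0xff, 'A'}; /* -1 */
static const uint8_t rec_trunc[] = {10, 0, 0, 0, 'x'}; /* claims 10, has 1 */

/* Decode the length field into a signed 32-bit integer. */
static int32_t rd32le(const uint8_t *p)
{
    uint32_t v = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    int32_t s;
    memcpy(&s, &v, sizeof s);
    return s;
}

/* Flawed pattern: returns the size memcpy() would get (0 = rejected). */
size_t flawed_copy_size(const uint8_t *rec)
{
    int32_t len = rd32le(rec);
    if (len > BUF_MAX)      /* -1 > 64 is false, so the check passes */
        return 0;
    return (size_t)len;     /* -1 converts to SIZE_MAX; copy not performed */
}

/* Hardened: reject negatives, bound by destination and by input present. */
int safe_copy(uint8_t *dst, size_t dst_sz, const uint8_t *rec, size_t rec_sz)
{
    int32_t len = rec_sz < 4 ? -1 : rd32le(rec);
    if (len < 0 || (size_t)len > dst_sz || (size_t)len > rec_sz - 4)
        return -1;
    memcpy(dst, rec + 4, (size_t)len);
    return (int)len;
}

int main(void)
{
    uint8_t dst[BUF_MAX];
    printf("flawed, len=-1: size %zu\n", flawed_copy_size(rec_neg));
    printf("safe, len=-1: %d\n", safe_copy(dst, sizeof dst, rec_neg, sizeof rec_neg));
    printf("safe, short:  %d\n", safe_copy(dst, sizeof dst, rec_trunc, sizeof rec_trunc));
    printf("safe, ok:     %d\n", safe_copy(dst, sizeof dst, rec_ok, sizeof rec_ok));
    return 0;
}
```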