Package: advi
Version: 1.6.0-12
Severity: serious
Tags: security

Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for camlimages.

advi statically links to camlimages, so any issues in that package are
also applicable to advi. There were already updates to camlimages for
etch and lenny, so advi just needs to be relinked using those new
versions. Please coordinate these updates with the security team.

CVE-2009-2295[0]:
| Multiple integer overflows in CamlImages 2.2 and earlier might allow
| context-dependent attackers to execute arbitrary code via a crafted
| PNG image with large width and height values that trigger a heap-based
| buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24
| function.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2295
    http://security-tracker.debian.net/tracker/CVE-2009-2295
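
The class of bug the CVE text describes, shown in C as an added example: a buffer size derived from header-supplied width and height, first unchecked and then with overflow checks. This is not CamlImages or advi code; the function names and the MAX_DIM cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical cap on accepted dimensions; an assumption, not a CamlImages value. */
#define MAX_DIM 65535u

/* Unchecked pattern: the product is computed in 32 bits and silently wraps,
 * so a buffer allocated from it can be far smaller than the decoded image. */
uint32_t unchecked_rgb24_size(uint32_t width, uint32_t height)
{
    return width * height * 3u;
}

/* Checked pattern: returns 0 and stores the byte count in *out only when
 * width * height * 3 is representable in size_t; returns -1 otherwise. */
int checked_rgb24_size(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM)
        return -1;

    size_t row = (size_t)width;
    if (row > SIZE_MAX / 3u)
        return -1;
    row *= 3u;                          /* bytes per RGB24 row */

    if ((size_t)height > SIZE_MAX / row)
        return -1;
    *out = row * (size_t)height;
    return 0;
}

/* Allocate the pixel buffer for a decoded image, or return NULL when the
 * header dimensions are rejected. The caller frees the result. */
unsigned char *alloc_rgb24(uint32_t width, uint32_t height)
{
    size_t n;

    if (checked_rgb24_size(width, height, &n) != 0)
        return NULL;
    return malloc(n);
}
```

With width and height both 65536, the unchecked product wraps to 0 while the decoder would still write 65536 rows, which is the mismatch that turns an integer overflow into a heap overflow.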