user release.debian....@packages.debian.org
usertag 608981 squeeze-can-defer
tag 608981 squeeze-ignore
kthxbye

On Fri, Jan 14, 2011 at 23:35:48 +0100, Moritz Mühlenhoff wrote:

> reassign 608981 libggi2
> thanks
>
> On Wed, Jan 05, 2011 at 04:16:36PM +1100, Silvio Cesare wrote:
> > Package: zhcon
> > Version: 1:0.2.6-5.2
> > Severity: important
> > Tags: security
> >
> > zhcon crashes when a long GGI_DISPLAY environment variable is used with ggi.
> > Probably indicative of a buffer overflow. zhcon is SUID root, so this crash
> > might potentially lead to privilege escalation. I haven't investigated
> > further, so it is possible that this is a non exploitable crash.
>
> That's a bug in libggi, not zhcon. Reassigning.
>

Can be fixed through security post release, so tagging as not a blocker. If anyone wants this fixed before the release, they need to upload *now*.

Cheers,
Julien