Source: freeimage
Version: 3.10.0-4
Severity: serious
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for freeimage.

CVE-2015-0852[0]:
Integer overflow in PluginPCX.cpp

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-0852
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0852
    https://marc.info/?l=oss-security&m=144073280200732&w=2

Please adjust the affected versions in the BTS as needed.

BTW upstream patches are available but they are not minimal patches:
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.17&r2=1.18&pathrev=MAIN
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.18&r2=1.19&pathrev=MAIN

Hopefully one of the people who will discover this RC bug (because their
package depends on freeimage or whatever) can be convinced to take over
this package... it has been orphaned for way too long.

Note that the package has another pending security issue (#786790).

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/