[MBT] new entry in pkg netpbm "Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions"

bugs at pld.org.pl
Wed May 21 19:01:07 CEST 2003


Date: 2003-05-21 19:01:06+02	Author:  (kreutzm) <kreutzm at itp.uni-hannover.de> 
Title:         Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions
Ticket ID:     #621
Ticket URL:    http://bugs.pld.org.pl/?bug=621
Package:       netpbm-2:9.23-2
Distribution:  PLD-1.0.main
Category:      security problem
Current state: resolving state
Text:

Sorry, maybe I am completely wrong on this one. So please bear with me.

According to 
http://www.securityfocus.com/bid/6979
the Ra version should be vulnerable. Alan Cox talks in 
http://marc.theaimsgroup.com/?l=bugtraq&m=104644687816522&w=2
of a 100k patch. 

Upstream seems to be aware of the problems (at least partially) but is reluctant to include the fixes:
http://netpbm.sourceforge.net/overflow.html

I checked the changelog once more, and there is no mention at any time of application of any special (security) patches. There are updates to newer versions, labeled bugfixes, but noting Alan's mail and the above-cited notice I doubt that the proper (if they even exist) bug fixes are included.

*** State changed to 'resolving state'


