Moritz Muehlenhoff
2009-Apr-01 21:30 UTC
[Secure-testing-team] Bug#522240: CVE-2009-1209: Various security issues
Package: amaya
Severity: grave
Tags: security

CVE-2009-1209:
Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.

http://www.milw0rm.com/exploits/8314
http://www.milw0rm.com/exploits/8321

I suppose removing amaya from unstable would be the most elegant fix here.

Cheers,
Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages amaya depends on:
pn  amaya-data              <none>             (no description available)
ii  libc6                   2.9-6              GNU C Library: Shared libraries
ii  libexpat1               2.0.1-4            XML parsing C library - runtime li
ii  libfreetype6            2.3.9-4            FreeType 2 font engine, shared lib
ii  libgcc1                 1:4.3.3-5          GCC support library
ii  libgl1-mesa-glx [libgl  7.0.3-7            A free implementation of the OpenG
ii  libglu1-mesa [libglu1]  7.0.3-7            The OpenGL utility library (GLU)
ii  libjpeg62               6b-14              The Independent JPEG Group's JPEG
ii  libpng12-0              1.2.35-1           PNG library - runtime
ii  libraptor1              1.4.18-2           Raptor RDF parser and serializer l
ii  libstdc++6              4.3.3-5            The GNU Standard C++ Library v3
pn  libwww-ssl0             <none>             (no description available)
pn  libwxbase2.6-0          <none>             (no description available)
pn  libwxgtk2.6-0           <none>             (no description available)
ii  zlib1g                  1:1.2.3.3.dfsg-13  compression library - runtime

Versions of packages amaya recommends:
pn  amaya-doc               <none>             (no description available)

amaya suggests no packages.