Giuseppe Iuculano
2009-Dec-03 08:17 UTC
[Secure-testing-team] Bug#559265: CVE-2009-0689: remote array overrun
Package: kdelibs
Severity: grave
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kdelibs.

CVE-2009-0689[0]:
| The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in
| FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5, and as used in
| K-Meleon 1.5.3, SeaMonkey 1.1.8, and possibly other products; and allows
| context-dependent attackers to cause a denial of service (application
| crash) or possibly have unspecified other impact via a large precision
| value in the format argument to a printf function, related to an
| "array overrun."

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
    http://security-tracker.debian.org/tracker/CVE-2009-0689

Patch: http://websvn.kde.org/branches/KDE/4.3/kdelibs/kjs/dtoa.cpp?r1=1052100&r2=1052099&pathrev=1052100

Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksXdCAACgkQNxpp46476aoAFQCfcVSi8/FMB1hTSoo8u3WbaS/p
l60AnjmZX31dSO8QB2hCsDP/EvRlCluA
=2TCu
-----END PGP SIGNATURE-----
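Editor's note on the "array overrun" the CVE text refers to, with an added example. This is not code from the bug report, from kdelibs, or from the linked KDE patch. In gdtoa, Balloc() hands out big-integer blocks of 1 << k words and recycles them through a freelist[] array indexed by k; a huge printf precision needs a block so large that k runs past the end of that array, and the upstream fix bounds k by Kmax before touching freelist[] (that description of the mechanism is the editor's, not something the page states). The constructed C below reproduces that allocator shape with a small KMAX and a bounds check on every freelist[] access, so an oversized request falls through to malloc/free instead of indexing out of range. KMAX, the struct layout and the helper names are the example's own.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed example in the style of gdtoa's Balloc/Bfree.
 * A block of index k holds 1 << k words.  Blocks with k <= KMAX are
 * recycled through freelist[k]; anything larger goes straight to
 * malloc/free.  The k_in_freelist_range() check is the whole point:
 * without it, a k derived from a huge precision indexes past the end
 * of freelist[]. */

#define KMAX 7   /* assumed, deliberately small; gdtoa's Kmax is larger */

typedef struct Bigint {
    struct Bigint *next;
    int k;               /* log2 of capacity in words */
    int maxwds;          /* capacity in words */
    int wds;             /* words in use */
    unsigned long x[1];  /* payload, allocated together with the header */
} Bigint;

static Bigint *freelist[KMAX + 1];

/* 1 when k is a valid index into freelist[], 0 otherwise. */
int k_in_freelist_range(int k)
{
    return k >= 0 && k <= KMAX;
}

/* Smallest k such that a block of 1 << k words holds nwords.
 * A large precision turns into a large nwords here. */
int k_for_words(long nwords)
{
    int k = 0;
    while ((1L << k) < nwords)
        k++;
    return k;
}

Bigint *balloc(int k)
{
    Bigint *rv;
    size_t x, len;

    if (k < 0)
        return NULL;
    /* Only consult the freelist when k is inside the array. */
    if (k_in_freelist_range(k) && (rv = freelist[k]) != NULL) {
        freelist[k] = rv->next;          /* reuse a recycled block */
    } else {
        x = (size_t)1 << k;
        len = sizeof(Bigint) + (x - 1) * sizeof(unsigned long);
        rv = malloc(len);
        if (rv == NULL)
            return NULL;                 /* absurd sizes fail cleanly */
        rv->k = k;
        rv->maxwds = (int)x;
    }
    rv->next = NULL;
    rv->wds = 0;
    return rv;
}

void bfree(Bigint *v)
{
    if (v == NULL)
        return;
    if (!k_in_freelist_range(v->k)) {
        free(v);                         /* oversized block: never indexes freelist[] */
        return;
    }
    v->next = freelist[v->k];
    freelist[v->k] = v;
}

/* Entries parked on freelist[k]; -1 when k is out of range. */
int freelist_len(int k)
{
    int n = 0;
    if (!k_in_freelist_range(k))
        return -1;
    for (Bigint *p = freelist[k]; p != NULL; p = p->next)
        n++;
    return n;
}

int main(void)
{
    Bigint *small = balloc(k_for_words(5));     /* k = 3, recycled via freelist */
    Bigint *big = balloc(k_for_words(1000));    /* k = 10 > KMAX, malloc path */
    printf("small k=%d maxwds=%d, big k=%d maxwds=%d\n",
           small->k, small->maxwds, big->k, big->maxwds);
    bfree(small);
    bfree(big);
    printf("freelist[3] holds %d block(s); freelist index 10 is %s\n",
           freelist_len(3),
           k_in_freelist_range(10) ? "in range" : "out of range (not used)");
    return 0;
}
```

The same guard belongs on the free side: a block allocated by the malloc fallback carries k > KMAX, and pushing it onto freelist[k] would be the write-side version of the overrun, so bfree() releases it directly.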