Jakub Wilk
2010-Feb-16 08:44 UTC
[Secure-testing-team] Bug#570068: pyfribidi: heap-based buffer overflow
Package: pyfribidi Version: 0.6-1 Severity: grave Tags: security Justification: user security hole pyfribidi is susceptible to heap-based buffer overflows, see the upstream bugreport: http://sourceforge.net/tracker/?func=detail&aid=2676136&group_id=158366&atid=807545 Unfortunately, the upstream "fix" for this problem intoroduced in pyfribidi 0.9 only made the bug more blatant. According to the original reporter, pyfribidi is affected only if fribidi >= 0.19.1 is installed. If this is actually the case, the bug is a non-issue for lenny. -- Jakub Wilk -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: Digital signature URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20100216/608ee555/attachment.pgp>