Debian Bug report logs - #381538
CVE-2006-3376: arbitrary code execution in libwmf
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Sat, 5 Aug 2006 09:33:01 UTC
Severity: grave
Tags: security
Found in version libwmf/0.2.8.4-1
Fixed in version libwmf/0.2.8.4-2
Done: Matej Vela <vela@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Matej Vela <vela@debian.org>: Bug#381538; Package libwmf0.2-7.
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>: New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Matej Vela <vela@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: libwmf0.2-7
Version: 0.2.8.4-1
Severity: grave
Tags: security
Justification: user security hole
CVE-2006-3376 reads:
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple
products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5)
libgsf, and (6) imagemagick allows remote attackers to execute
arbitrary code via the MaxRecordSize header field in a WMF file.
Please mention the CVE-id in the changelog.
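
Added example, not part of the bug report and not libwmf's player.c: the class of bug the CVE text names, a 32-bit size field taken from the file header and used in size arithmetic, shown as a wrapping computation beside a checked one. It assumes the standard 18-byte WMF header with MaxRecord at offset 12 counted in 16-bit words; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define WMF_HEADER_LEN    18  /* assumed: standard (non-placeable) WMF header */
#define WMF_MAXRECORD_OFF 12  /* assumed: 32-bit MaxRecord, in 16-bit words */

/* Read a little-endian 32-bit value regardless of host byte order. */
static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Weak pattern: the byte count is computed in 32-bit arithmetic and wraps,
 * so a huge header value yields a tiny allocation size. */
uint32_t record_bytes_wrapping(uint32_t words)
{
    return words * 2u;
}

/* Hardened pattern: validate the header field before any arithmetic.
 * Returns 0 and stores the byte count in *out_bytes, or -1 to reject. */
int record_bytes_checked(const unsigned char *hdr, size_t hdr_len,
                         size_t file_len, size_t *out_bytes)
{
    uint32_t words;
    if (hdr_len < WMF_HEADER_LEN)
        return -1;                      /* truncated header */
    words = rd_le32(hdr + WMF_MAXRECORD_OFF);
    if (words == 0 || words > UINT32_MAX / 2u)
        return -1;                      /* words * 2 would not fit in 32 bits */
    if ((size_t)words * 2u > file_len)
        return -1;                      /* no record can be larger than the file */
    *out_bytes = (size_t)words * 2u;
    return 0;
}

/* Constructed sample input: a zeroed header with only MaxRecord filled in.
 * Returns the accepted byte count, or -1 if the header is rejected. */
long checked_for(uint32_t max_record, size_t file_len)
{
    unsigned char hdr[WMF_HEADER_LEN] = {0};
    size_t bytes = 0;
    for (int i = 0; i < 4; i++)
        hdr[WMF_MAXRECORD_OFF + i] = (unsigned char)(max_record >> (8 * i));
    return record_bytes_checked(hdr, sizeof hdr, file_len, &bytes) ? -1L : (long)bytes;
}
```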
Reply sent to Matej Vela <vela@debian.org>: You have taken responsibility.
Notification sent to Stefan Fritsch <sf@sfritsch.de>: Bug acknowledged by developer.
Message #10 received at 381538-close@bugs.debian.org:
Source: libwmf
Source-Version: 0.2.8.4-2
We believe that the bug you reported is fixed in the latest version of
libwmf, which is due to be installed in the Debian FTP archive:
libwmf-bin_0.2.8.4-2_i386.deb
to pool/main/libw/libwmf/libwmf-bin_0.2.8.4-2_i386.deb
libwmf-dev_0.2.8.4-2_i386.deb
to pool/main/libw/libwmf/libwmf-dev_0.2.8.4-2_i386.deb
libwmf-doc_0.2.8.4-2_all.deb
to pool/main/libw/libwmf/libwmf-doc_0.2.8.4-2_all.deb
libwmf0.2-7_0.2.8.4-2_i386.deb
to pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2_i386.deb
libwmf_0.2.8.4-2.diff.gz
to pool/main/libw/libwmf/libwmf_0.2.8.4-2.diff.gz
libwmf_0.2.8.4-2.dsc
to pool/main/libw/libwmf/libwmf_0.2.8.4-2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 381538@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matej Vela <vela@debian.org> (supplier of updated libwmf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.7
Date: Sat, 5 Aug 2006 12:15:57 +0200
Source: libwmf
Binary: libwmf-dev libwmf-bin libwmf-doc libwmf0.2-7
Architecture: source all i386
Version: 0.2.8.4-2
Distribution: unstable
Urgency: high
Maintainer: Matej Vela <vela@debian.org>
Changed-By: Matej Vela <vela@debian.org>
Description:
libwmf-bin - Windows metafile conversion tools
libwmf-dev - Windows metafile conversion development
libwmf-doc - Windows metafile documentation
libwmf0.2-7 - Windows metafile conversion library
Closes: 381538
Changes:
libwmf (0.2.8.4-2) unstable; urgency=high
.
* src/player.c: Fix integer overflow vulnerability. [CVE-2006-3376]
Closes: #381538.
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 06:58:32 GMT)
Last modified: Wed Jun 19 17:34:43 2019