[Frugalware-git] homepage-ng: FSA601-file
Miklos Vajna
vmiklos at frugalware.org
Thu May 7 12:24:56 CEST 2009
Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=e9507cdf87af3671e6dac89925e168557047b014
commit e9507cdf87af3671e6dac89925e168557047b014
Author: Miklos Vajna <vmiklos at frugalware.org>
Date: Thu May 7 12:24:49 2009 +0200
FSA601-file
diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 83fbd85..b41012e 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,20 @@
<fsas>
<fsa>
+ <id>601</id>
+ <date>2009-05-07</date>
+ <author>Miklos Vajna</author>
+ <package>file</package>
+ <vulnerable>5.00-1</vulnerable>
+ <unaffected>5.02-1anacreon1</unaffected>
+ <bts>http://bugs.frugalware.org/task/3763</bts>
+ <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0947
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0948</cve>
+ <desc>A vulnerability has been reported in file, which can be exploited by malicious people to potentially compromise a user's system.
+ The vulnerability is caused due to a boundary error within the "cdf_read_sat()" function in src/cdf.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted compound document file.
+ Successful exploitation may allow execution of arbitrary code.</desc>
+ </fsa>
+ <fsa>
<id>600</id>
<date>2009-05-04</date>
<author>Miklos Vajna</author>
More information about the Frugalware-git
mailing list