[Frugalware-darcs] homepage-ng: FSA194-file

voroskoi voroskoi at frugalware.org
Thu Jun 7 12:33:38 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070607102559-dd049-d55be3a449014fe61ed699ab589cfbbdf9188850.gz;

[FSA194-file
voroskoi <voroskoi at frugalware.org>**20070607102559] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>194</id>
+		<date>2007-06-07</date>
+		<author>voroskoi</author>
+		<package>file</package>
+		<vulnerable>4.20-1</vulnerable>
+		<unaffected>4.21-1terminus1</unaffected>
+		<bts>http://bugs.frugalware.org/task/2119</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-1536
+			http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2799</cve>
+		<desc>A vulnerability has been reported in file, which potentially can b=
e exploited by malicious people to compromise a vulnerable system. The vuln=
erability is caused due to an unspecified integer underflow within the "fil=
e_printf" function, which can be exploited to cause a heap-based buffer ove=
rflow.</desc>
+	</fsa>
}


More information about the Frugalware-darcs mailing list