Bug#305072: CAN-2005-0706: Bufferoverflow in CDDB response parsing
Sjoerd Simons
sjoerd@spring.luon.net (Sjoerd Simons), 305072@bugs.debian.org
Mon, 18 Apr 2005 12:51:37 +0200
On Sun, Apr 17, 2005 at 09:19:32PM +0200, Moritz Muehlenhoff wrote:
> Package: gnome-vfs2
> Severity: grave
> Tags: security patch
> Justification: user security hole
>
> [ Dear security team; this seems to affect stable as well ]
>
> CAN-2005-0706 describes a buffer overflow in grip CDDB response parsing that
> can potentially be exploited to execute arbitrary code.
>
> gnome-vfs2 contains the vulnerable code as well. Attached you can find
> a patch like it has been patched for grip.
It does affect stable, but not sarge (as the cdda method isn't installed
there). And currently it also effects experimental (Gnome 2.10 vfs).
Sjoerd
--
You can only live once, but if you do it right, once is enough.