[Secure-testing-team] Bug#559266: CVE-2009-0689: remote array overrun

Giuseppe Iuculano iuculano at debian.org
Thu Dec 3 08:19:23 UTC 2009


Package: kde4libs
Severity: grave
Tags: security patch


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kde4libs.

CVE-2009-0689[0]:
| The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in
| FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5, and as used in
| K-Meleon 1.5.3, SeaMonkey 1.1.8, and possibly other products; and allows
| context-dependent attackers to cause a denial of service (application
| crash) or possibly have unspecified other impact via a large precision
| value in the format argument to a printf function, related to an
| "array overrun."


If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
    http://security-tracker.debian.org/tracker/CVE-2009-0689
    Patch: http://websvn.kde.org/branches/KDE/4.3/kdelibs/kjs/dtoa.cpp?r1=1052100&r2=1052099&pathrev=1052100
    
Cheers,
Giuseppe

