217158 – media-libs/swfdec <0.6.4 Remote file disclosure (CVE-2008-1834)

Bug 217158 - media-libs/swfdec <0.6.4 Remote file disclosure (CVE-2008-1834)

Summary: media-libs/swfdec <0.6.4 Remote file disclosure (CVE-2008-1834)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://lists.freedesktop.org/archives...
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-04-10 16:34 UTC by toto
Modified:	2008-04-16 17:27 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description toto 2008-04-10 16:34:24 UTC

Here's the release of Swfdec 0.6.4.

This is a security release, please update as soon as possible.

swfdec-0.6.4 "College Humor"
http://swfdec.freedesktop.org/download/swfdec/0.6/swfdec-0.6.4.tar.gz
MD5: a1568696246889109b884cb5434e81fc

fixes in this release:
- fix a security problem that allowed remote Flash files to read local files.
- fix a rare crash in TextField.replaceText
- fix a rare crash during cleanup

Swfdec still follows the no-crashes-allowed policy. Should you still
succeed in finding a crasher, please immediately file a bug at
https://bugs.freedesktop.org.

For more information about Swfdec, see http://swfdec.freedesktop.org

Cheers,
Benjamin

Reproducible: Always

Comment 1 Tobias Heinlein (RETIRED) gentoo-dev

2008-04-10 17:03:59 UTC

Maintainer, please bump.

Comment 2 Nguyen Thai Ngoc Duy (RETIRED) gentoo-dev

2008-04-11 06:29:37 UTC

0.6.4 in CVS.

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2008-04-11 12:18:10 UTC

Thank you.