Bug 217158 - media-libs/swfdec <0.6.4 Remote file disclosure (CVE-2008-1834)
Bug#: 217158 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: trivial Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: toto@darkside.tomsk.ru
Component: Vulnerabilities
URL:  http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html
Summary: media-libs/swfdec <0.6.4 Remote file disclosure (CVE-2008-1834)
Keywords:  
Status Whiteboard: ~3 [noglsa]
Opened: 2008-04-10 16:34 0000
Description:   Opened: 2008-04-10 16:34 0000 
Here's the release of Swfdec 0.6.4.

This is a security release, please update as soon as possible.

swfdec-0.6.4 "College Humor"
http://swfdec.freedesktop.org/download/swfdec/0.6/swfdec-0.6.4.tar.gz
MD5: a1568696246889109b884cb5434e81fc

fixes in this release:
- fix a security problem that allowed remote Flash files to read local files.
- fix a rare crash in TextField.replaceText
- fix a rare crash during cleanup

Swfdec still follows the no-crashes-allowed policy. Should you still
succeed in finding a crasher, please immediately file a bug at
https://bugs.freedesktop.org.

For more information about Swfdec, see http://swfdec.freedesktop.org

Cheers,
Benjamin

Reproducible: Always

------- Comment #1 From Tobias Heinlein 2008-04-10 17:03:59 0000 ------- 
Maintainer, please bump.

------- Comment #2 From Nguyen Thai Ngoc Duy (RETIRED) 2008-04-11 06:29:37 0000 ------- 
0.6.4 in CVS.

------- Comment #3 From Robert Buchholz 2008-04-11 12:18:10 0000 ------- 
Thank you.