Upstream changelog for version 4.4.2 lists: # Fix possible buffer overflow (reported by Vegard Nosum on the ml). Don't have any further details, sorry ;)
Backported the fix to 4.4.1-r1.
Arches, please test and mark stable xfce-base/libxfce4util-4.4.1-r1. Target keywords: "alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
amd64 stable
x86 stable
alpha/ia64/sparc stable
Stable for HPPA.
ppc64 stable
ppc stable
Request filed, but we'll probably group all the xfce stuff into one GLSA.
bug 201747
This is an off-by-one read operation on a stack-based buffer in the xfce_mkdirhier() function, reported by Vegard Nossum. http://thread.gmane.org/gmane.comp.desktop.xfce.devel.version4/14349
I do not see how this could be exploited. Please reopen if you disagree.
Does not affect current (2008.0) release. Removing release.