Some vulnerabilities have been reported in Inkscape, which potentially can be exploited by malicious people to compromise a user's system.

1) A format string error exists in certain dialogs. This can be exploited to execute arbitrary code by tricking the user into opening a specially crafted URI containing format string specifiers.

2) A format string error exists in the Whiteboard Jabber client, which potentially can be exploited to execute arbitrary code. Successful exploitation requires that the user is logged in to a Jabber server.

The vulnerabilities are reported in versions prior to 0.45.1.

SOLUTION: Update to version 0.45.1.

PROVIDED AND/OR DISCOVERED BY: Kees Cook
graphics please advise and patch as necessary.
*** Bug 165715 has been marked as a duplicate of this bug. ***
(In reply to comment #1)
> graphics please advise and patch as necessary.
>
0.45.1 added to the tree. Arches please test and mark stable. Requires a newer pstoedit stable too as users weren't able to import postscript files with earlier versions:

betelgeuse@pena /usr/portage/media-gfx/inkscape $ adjutrix -w x86 =media-gfx/inkscape-0.45.1
Package                       Version             Current Keywords  Masks
============================= =================== ================= =========
media-gfx/pstoedit            3.44                ~x86
media-gfx/inkscape            0.45.1              ~x86
x86 stable
ppc64 stable
ppc stable
Stable for HPPA.
updating status.
sparc stable.
Stable on amd64.
thanks arches, GLSA in progress...
GLSA 200704-10 thanks everyone
*** Bug 174815 has been marked as a duplicate of this bug. ***