183299 – app-office/dia < 0.96.1-6 Freetype font parsing vulnerabilities (CVE-2007-1351, CVE-2007-2754)

Bug 183299 - app-office/dia < 0.96.1-6 Freetype font parsing vulnerabilities (CVE-2007-1351, CVE-2007-2754)

Summary: app-office/dia < 0.96.1-6 Freetype font parsing vulnerabilities (CVE-2007-135...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/25810/
Whiteboard:	B3 [] p-y
Keywords:

Depends on:
Blocks:

Reported:	2007-06-26 18:15 UTC by Pierre-Yves Rofes (RETIRED)
Modified:	2007-06-28 04:46 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-06-26 18:15:36 UTC

Two vulnerabilities have been acknowledged in Dia, which potentially can be exploited by malicious people to compromise a user's system.
solution: update to version 0.96.1-6

Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-06-26 18:16:32 UTC

Setting status and cc'ing herd. gnome-office, please advise and bump as necessary.

Comment 2 Lubomir Rintel 2007-06-27 20:31:10 UTC

Please close. This is specific to Windows binary build linked against vulnerable Freetype.

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-06-28 04:46:43 UTC

Thx for the pointer Lubomir.