Bug 245051 (CVE-2008-4799)

Comment 1 Stefan Behte (RETIRED) 2008-10-31 11:45:46 UTC

Latest stable version in tree: 10.43.00
Graphics, could we keyword the older, vulnerable versions?

Comment 2 SpanKY 2008-11-01 06:17:08 UTC

what's the question exactly ?  we dont have an 10.35.x in the tree

Comment 3 Stefan Behte (RETIRED) 2008-11-01 12:01:33 UTC

But we have 10.26.57 and 10.26.58?
Vulnerable software and versions lists: cpe:/a:netpbm:netpbm:10.26

Comment 4 SpanKY 2008-11-02 05:50:32 UTC

presumably you're talking about this:
08.10.27 BJH  Release 10.35.54

              pnm_createBlackTuple(): fix array bounds violation with
              PBM, PGM.

              ppmforge, pgmnoise, pgmcrater: better randomization;
              won't produce the same image if you run it twice within
              the same second.

              pnmtoddif: fix crash with any PGM input.

              pgmnoise: fix bug: never generates full white pixel.

but those fixes are in 10.26.58 already

Comment 5 Stefan Behte (RETIRED) 2008-11-02 16:43:59 UTC

Ok, so let's remove 10.26.57.

Comment 6 SpanKY 2008-11-02 20:23:24 UTC

removed

Comment 7 Stefan Behte (RETIRED) 2008-11-05 22:28:37 UTC

Patch URL was: http://netpbm.svn.sourceforge.net/viewvc/netpbm/trunk/editor/pamperspective.c?r1=492&r2=683

Comment 8 Stefan Behte (RETIRED) 2008-11-10 10:46:48 UTC

Ready for voting, I guess.

Comment 9 Robert Buchholz (RETIRED) 2008-11-26 19:00:55 UTC

Client-side DOS, noglsa.