Joxean Koret discovered that the SVG import plugin in dia, a vector-oriented diagram editor, does not properly sanitise data read from an SVG file and is hence vulnerable to arbitrary Python code execution. This is CAN-2005-2966.
Created attachment 69738: dia.patch. Patch from Steve Kemp / Debian Security
Gnome herd, please bump with patch and/or advise.
Patched and bumped. rev is dia-0.94-r3, target stable flags are: alpha amd64 ia64 ppc ppc64 sparc x86
Thx Daniel. Arches, please test and mark stable...
amd64 done
marked stable on x86
sparc stable.
alpha stable
stable on ppc64
Stable on ppc.
GLSA 200510-06