Upstream changelog for version 4.4.2 lists:
# Fix possible buffer overflow (reported by Vegard Nosum on the ml).
Don't have any further details, sorry ;)
Backported the fix to 4.4.1-r1.
Arches, please test and mark stable xfce-base/libxfce4util-4.4.1-r1.
Target keywords: "alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
Stable for HPPA.
Request filed, but we'll probably group all the Xfce stuff into one GLSA.
This is an off-by-one read operation on a stack-based buffer in the xfce_mkdirhier() function, reported by Vegard Nossum.
I do not see how this could be exploited. Please reopen if you disagree.
Does not affect current (2008.0) release. Removing release.