CVE-2008-5262 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5262): Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file.
The upstream patch is off-by-one, as reported by Nico Golde in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512122
Added devil-1.7.7 to the tree and put in a stablereq bug (bug #258748).
*** Bug 258748 has been marked as a duplicate of this bug. ***
Arches, please test and mark stable:
=media-libs/devil-1.7.7
Target keywords: "amd64 ia64 ppc sparc x86"
amd64/x86 stable
ia64/sparc stable
ppc stable
GLSA request filed.
GLSA 200903-04, thanks everyone, sorry about the delay.