Red Hat Bugzilla – Bug 192698
CVE-2006-2480 Dia format string issue (CVE-2006-2453)
Last modified: 2007-11-30 17:07:25 EST
Dia format string issue
Dia has a format string vulnerability in the way it displays error
messages. It is possible for a user to create a maliciou dia file
Thre is a fix in the upstream bug:
Created attachment 129852 [details]
Patch which fixes additional format string issues
The above patch fixes a number of additional format string issues discovered by
Hans de Goede and has been assigned the CVE id CVE-2006-2453
Created attachment 129875 [details]
A few more format string issues fixed.
oky doky, added. Built into 4E-errata, and
mkerrata-wrapper dist-4E-errata-candidate dia-0.94-5.7.1 has been run.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.