Dia format string issue

Dia has a format string vulnerability in the way it displays error messages. It is possible for a user to create a malicious dia file which could

http://marc.theaimsgroup.com/?l=vuln-dev&m=114713874920770&w=2

There is a fix in the upstream bug: http://bugzilla.gnome.org/show_bug.cgi?id=342111
Created attachment 129852
Patch which fixes additional format string issues
The above patch fixes a number of additional format string issues discovered by Hans de Goede and has been assigned the CVE id CVE-2006-2453.
Created attachment 129875
A few more format string issues fixed.
oky doky, added. Built into 4E-errata, and mkerrata-wrapper dist-4E-errata-candidate dia-0.94-5.7.1 has been run.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0541.html
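The class of fix discussed in this report, as an added example that is not Dia's code or taken from the attached patches: an error-display routine must receive file-derived text as an argument to a constant format, never as the format itself. The names `report_error`, `report_bad_object` and `count_directives` and the sample `file_text` are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an application's error-display routine.
 * The format attribute lets GCC/Clang check every caller's format
 * argument (-Wformat -Wformat-security). */
__attribute__((format(printf, 3, 4)))
static int report_error(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Count printf conversion directives in untrusted text
 * ("%%" is a literal percent and is not counted). */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                /* skip the escaped percent */
        else if (s[1] != '\0')
            count++;
    }
    return count;
}

/* Constructed sample: text an error path copies out of a diagram file. */
static const char file_text[] = "shape-%x-%x-%s";

/* Weak pattern (kept as a comment because it is undefined behaviour):
 *     report_error(out, n, file_text);
 * Corrected pattern: constant format, file text passed as data. */
static int report_bad_object(char *out, size_t n, const char *name)
{
    return report_error(out, n, "Unknown object type '%s'", name);
}

int main(void)
{
    char msg[128];
    report_bad_object(msg, sizeof msg, file_text);
    printf("%d directives in file text; message: %s\n",
           count_directives(file_text), msg);
    return 0;
}
```

Building callers with `-Wformat -Wformat-security` makes the compiler flag any remaining call that passes a non-literal string as the format.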