Red Hat Bugzilla – Bug 192699
CVE-2006-2480 Dia format string issue (CVE-2006-2453)
Last modified: 2007-11-30 17:11:33 EST
Dia format string issue
Dia has a format string vulnerability in the way it displays error
messages. It is possible for a user to create a malicious dia file
There is a fix in the upstream bug:
*** Bug 192538 has been marked as a duplicate of this bug. ***
A number of additional format string issues were discovered by Hans de Goede and
have been assigned the CVE id CVE-2006-2453.
The fix is attachment 129852
*grumble*, backported 0.95 patch to 0.94. Pushing...
updated with new bits, re-pushing
dia-0.94-16.fc4 has been pushed for fc4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
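
The class of bug described at the top of this report, as an added example that is not Dia's code and not the content of the attached patch: a printf-style error reporter becomes a format string sink when text read from a file is passed as the format itself. The names `report_error`, `show_error_unsafe`, `show_error_safe`, `last_error` and the sample file name are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an application's printf-style error reporter. */
static char last_error[256];

/* The format attribute lets GCC/Clang check every caller, so a non-literal
 * format with no arguments is flagged by -Wformat -Wformat-security. */
__attribute__((format(printf, 1, 2)))
static const char *report_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_error, sizeof last_error, fmt, ap); /* bounded, NUL-terminated */
    va_end(ap);
    return last_error;
}

#ifdef SHOW_UNSAFE
/* Vulnerable pattern: file-derived text is used as the format string, so any
 * conversion specifier inside it is interpreted. Compiled out by default. */
static const char *show_error_unsafe(const char *file_text)
{
    return report_error(file_text);
}
#endif

/* Fixed pattern: the format is a constant; file-derived text is only data. */
static const char *show_error_safe(const char *file_text)
{
    return report_error("Could not open '%s'", file_text);
}

/* Constructed sample: a name as it might appear inside an untrusted file. */
static const char sample_name[] = "shape-%s-%x-%n.png";

int main(void)
{
    puts(show_error_safe(sample_name)); /* specifiers are printed verbatim */
    return 0;
}
```

Building with `-Wformat -Wformat-security -DSHOW_UNSAFE` makes the compiler point at the unsafe call site, which is a quick way to audit a code base for other callers with the same pattern.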