Bug 192699 - CVE-2006-2480 Dia format string issue (CVE-2006-2453)
Summary: CVE-2006-2480 Dia format string issue (CVE-2006-2453)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: dia
Version: 4
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Caolan McNamara
QA Contact:
URL:
Whiteboard: source=vendor-sec,impact=moderate,rep...
Duplicates: 192538
Depends On:
Blocks: 190942
 
Reported: 2006-05-22 18:04 UTC by Josh Bressers
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: 0.94-16.fc4
Clone Of:
Environment:
Last Closed: 2006-05-25 07:35:00 UTC
Type: ---
Embargoed:




Links: GNOME Bugzilla 342111

Description Josh Bressers 2006-05-22 18:04:07 UTC
Dia format string issue

Dia has a format string vulnerability in the way it displays error
messages.  It is possible for a user to create a malicious dia file
which could

http://marc.theaimsgroup.com/?l=vuln-dev&m=114713874920770&w=2

There is a fix in the upstream bug:
http://bugzilla.gnome.org/show_bug.cgi?id=342111
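The bug class described in this report, shown as an added example that is not Dia's code: message_error() below is a hypothetical stand-in for a Dia-style error-message helper, and the file name is a constructed sample. The unsafe variant passes the message containing the untrusted file name as the format string; the safe variant passes it as an argument, and the format attribute lets the compiler flag the unsafe call.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a Dia-style message_error(fmt, ...) helper;
 * the real Dia function is not reproduced here. The format attribute makes
 * GCC/Clang warn (-Wformat -Wformat-security) wherever a caller passes a
 * non-literal format, which is the cheapest way to find this bug class. */
__attribute__((format(printf, 3, 4)))
static int message_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable shape: the message, which embeds the untrusted file name, is
 * handed over AS the format string, so every '%' in the name is parsed as a
 * conversion. The compiler flags this call under -Wformat-security. */
const char *open_error_unsafe(const char *filename)
{
    static char out[256];
    char msg[256];
    snprintf(msg, sizeof msg, "Couldn't open: '%s'", filename);
    message_error(out, sizeof out, msg);
    return out;
}

/* Hardened shape: the format is a literal and the untrusted name is an
 * argument, so its '%' characters are copied through verbatim. */
const char *open_error_safe(const char *filename)
{
    static char out[256];
    message_error(out, sizeof out, "Couldn't open: '%s'", filename);
    return out;
}

int main(void)
{
    /* Constructed file name: "%%" is a well-defined directive that prints a
     * single '%', so the difference is visible without undefined behaviour. */
    const char *name = "report%%.dia";
    printf("unsafe: %s\n", open_error_unsafe(name)); /* 'report%.dia'  */
    printf("safe:   %s\n", open_error_safe(name));   /* 'report%%.dia' */
    return 0;
}
```

Building with -Wformat -Wformat-security (or -Werror=format-security, as Fedora's default flags now do) turns the unsafe call into a build-time finding rather than a runtime bug.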

Comment 1 Caolan McNamara 2006-05-23 07:46:33 UTC
*** Bug 192538 has been marked as a duplicate of this bug. ***

Comment 2 Josh Bressers 2006-05-23 12:00:03 UTC
A number of additional format string issues were discovered by Hans de Goede and
have been assigned the CVE id CVE-2006-2453.

The fix is attachment 129852 [details]

Comment 3 Caolan McNamara 2006-05-23 15:03:28 UTC
*grumble*, backported 0.95 patch to 0.94. Pushing...

Comment 4 Caolan McNamara 2006-05-23 18:55:21 UTC
updated with new bits, re-pushing

Comment 5 Fedora Update System 2006-05-24 23:24:06 UTC
dia-0.94-16.fc4 has been pushed for fc4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

