rbu 08/01/09 23:25:42

Modified: glsa-200801-06.xml
Log:
GLSA 200801-06 typos fixed

Revision Changes Path
1.2 xml/htdocs/security/en/glsa/glsa-200801-06.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200801-06.xml?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200801-06.xml?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200801-06.xml?r1=1.1&r2=1.2

Index: glsa-200801-06.xml |
=================================================================== |
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-200801-06.xml,v |
retrieving revision 1.1 |
retrieving revision 1.2 |
diff -u -r1.1 -r1.2 |
--- glsa-200801-06.xml 9 Jan 2008 23:21:12 -0000 1.1 |
+++ glsa-200801-06.xml 9 Jan 2008 23:25:42 -0000 1.2 |
@@ -11,7 +11,7 @@ |
</synopsis> |
<product type="ebuild">xfce4-panel libxfcegui4</product> |
<announced>January 09, 2008</announced> |
- <revised>January 09, 2008: 01</revised> |
+ <revised>January 09, 2008: 02</revised> |
<bug>201292</bug> |
<bug>201293</bug> |
<access>remote</access> |
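Review bot: On the `<revised>` line, the counter moves to 02 while the date stays January 09, 2008, which fits a same-day correction, but nothing in the file records that revision 02 is wording-only. Because the later hunk rewrites the impact sentence, say in the log that the affected packages and versions are unchanged, so readers who acted on revision 01 know they do not need to re-check.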
@@ -33,19 +33,19 @@ |
</background> |
<description> |
<p> |
- Gregory Andersen reported that Xfce4 panel does not correctly calculate |
- memory boundaries, leading to a stack-based buffer overflow in the |
- launcher_update_panel_entry() function (CVE-2007-6531). Daichi Kawahata |
- reported libxfcegui4 did not copy provided values when creating |
- "SessionClient" structs, possibly leading to access of freed memory |
- areas (CVE-2007-6532). |
+ Gregory Andersen reported that the Xfce4 panel does not correctly |
+ calculate memory boundaries, leading to a stack-based buffer overflow |
+ in the launcher_update_panel_entry() function (CVE-2007-6531). Daichi |
+ Kawahata reported libxfcegui4 did not copy provided values when |
+ creating "SessionClient" structs, possibly leading to access of freed |
+ memory areas (CVE-2007-6532). |
</p> |
</description> |
<impact type="normal"> |
<p> |
A remote attacker could entice a user to install a specially crafted |
- "rc" to execute arbitrary code with file via long strings in the "Name" |
- and "Comment" fields or via unspecified vectors involving the second |
+ "rc" file to execute arbitrary code via long strings in the "Name" and |
+ "Comment" fields or via unspecified vectors involving the second |
vulnerability. |
</p> |
</impact> |
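Review bot: In the reworded description paragraph the two reports still disagree in tense ("does not correctly calculate" versus "did not copy"), and "reported libxfcegui4 did not" is missing "that"; since this commit is a typo pass, fix both here. In the impact paragraph, "the second vulnerability" would be clearer as CVE-2007-6532, which the description already names. The removed text read "execute arbitrary code with file via long strings", and the new text drops "with" as well as moving "file"; please confirm that no qualifier was meant to follow "with".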
|
-- |
gentoo-commits@l.g.o mailing list |