openjdk team mailing list archive

[Bug 700198] Re: CVE-2009-0793

 

This bug was fixed in the package lcms - 1.18.dfsg-1.2ubuntu1

---------------
lcms (1.18.dfsg-1.2ubuntu1) natty; urgency=low

  * Merge from debian unstable.  Remaining changes: (LP: #694364)
    - debian/control: Mention Little CMS in binary package names
      for searchability. (Closes: #608007)
    - debian/rules: Adjust for Python 2.6 transition.
  * This upload fixes security issue. (LP: #700198)
    - CVE-2009-0793

lcms (1.18.dfsg-1.2) unstable; urgency=low

  * Non-maintainer upload
  * Fix silly copy&paste error (Really Closes: #560993)

lcms (1.18.dfsg-1.1) unstable; urgency=low

  * Non-maintainer upload
  * Fix CVE-2009-0793 (Closes: #530785)
  * Fix detection of sparc64, patch by Aurelien Jarno (Closes: #560993)
 -- Artur Rona <ari-tczew@xxxxxxxxxx>   Sat, 08 Jan 2011 04:27:31 +0100

** Changed in: lcms (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0793

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
https://bugs.launchpad.net/bugs/700198

Title:
  CVE-2009-0793

Status in “gimp” package in Ubuntu:
  New
Status in “ia32-libs” package in Ubuntu:
  New
Status in “lcms” package in Ubuntu:
  Fix Released
Status in “openjdk-6” package in Ubuntu:
  New
Status in “openjdk-6b18” package in Ubuntu:
  New

Bug description:
  Description
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and
other products, allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted image that
triggers execution of incorrect code for "transformations of monochrome
profiles."