openjdk team mailing list archive

Thread
Date
[Bug 700198] Re: CVE-2009-0793

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Tue, 11 Jan 2011 17:23:33 -0000
Reply-to: Bug 700198 <700198@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Also affects: gimp (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: ia32-libs (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: lcms (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: openjdk-6 (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: openjdk-6b18 (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: gimp (Ubuntu Karmic)
   Importance: Undecided
       Status: New

** Also affects: ia32-libs (Ubuntu Karmic)
   Importance: Undecided
       Status: New

** Also affects: lcms (Ubuntu Karmic)
   Importance: Undecided
       Status: New

** Also affects: openjdk-6 (Ubuntu Karmic)
   Importance: Undecided
       Status: New

** Also affects: openjdk-6b18 (Ubuntu Karmic)
   Importance: Undecided
       Status: New

** Also affects: gimp (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: ia32-libs (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: lcms (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: openjdk-6 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: openjdk-6b18 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: gimp (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Also affects: ia32-libs (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Also affects: lcms (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Also affects: openjdk-6 (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Also affects: openjdk-6b18 (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Also affects: gimp (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Also affects: ia32-libs (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Also affects: lcms (Ubuntu Natty)
   Importance: Undecided
       Status: Fix Released

** Also affects: openjdk-6 (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Also affects: openjdk-6b18 (Ubuntu Natty)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
https://bugs.launchpad.net/bugs/700198

Title:
  CVE-2009-0793

Status in “gimp” package in Ubuntu:
  New
Status in “ia32-libs” package in Ubuntu:
  New
Status in “lcms” package in Ubuntu:
  Fix Released
Status in “openjdk-6” package in Ubuntu:
  New
Status in “openjdk-6b18” package in Ubuntu:
  New
Status in “gimp” source package in Lucid:
  New
Status in “ia32-libs” source package in Lucid:
  New
Status in “lcms” source package in Lucid:
  New
Status in “openjdk-6” source package in Lucid:
  New
Status in “openjdk-6b18” source package in Lucid:
  New
Status in “gimp” source package in Maverick:
  New
Status in “ia32-libs” source package in Maverick:
  New
Status in “lcms” source package in Maverick:
  New
Status in “openjdk-6” source package in Maverick:
  New
Status in “openjdk-6b18” source package in Maverick:
  New
Status in “gimp” source package in Natty:
  New
Status in “ia32-libs” source package in Natty:
  New
Status in “lcms” source package in Natty:
  Fix Released
Status in “openjdk-6” source package in Natty:
  New
Status in “openjdk-6b18” source package in Natty:
  New
Status in “gimp” source package in Hardy:
  New
Status in “ia32-libs” source package in Hardy:
  New
Status in “lcms” source package in Hardy:
  New
Status in “openjdk-6” source package in Hardy:
  New
Status in “openjdk-6b18” source package in Hardy:
  New
Status in “gimp” source package in Karmic:
  New
Status in “ia32-libs” source package in Karmic:
  New
Status in “lcms” source package in Karmic:
  New
Status in “openjdk-6” source package in Karmic:
  New
Status in “openjdk-6b18” source package in Karmic:
  New

Bug description:
  Description
  cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and
  other products, allows remote attackers to cause a denial of service (NULL
  pointer dereference and application crash) via a crafted image that
  triggers execution of incorrect code for "transformations of monochrome
  profiles."