← Back to team overview

openjdk team mailing list archive

[Bug 700198] Re: CVE-2009-0793

 

This bug was fixed in the package lcms - 1.18.dfsg-1ubuntu2.10.10.1

---------------
lcms (1.18.dfsg-1ubuntu2.10.10.1) maverick-security; urgency=low

  * debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198)
    - Fix DoS via a crafted image that triggers execution of incorrect
      code for "transformations of monochrome profiles."
    - CVE-2009-0073
 -- Artur Rona <ari-tczew@xxxxxxxxxx>   Sat, 08 Jan 2011 04:23:13 +0100

** Changed in: lcms (Ubuntu Maverick)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0073

** Changed in: lcms (Ubuntu Lucid)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
https://bugs.launchpad.net/bugs/700198

Title:
  CVE-2009-0793

Status in “gimp” package in Ubuntu:
  New
Status in “ia32-libs” package in Ubuntu:
  New
Status in “lcms” package in Ubuntu:
  Fix Released
Status in “openjdk-6” package in Ubuntu:
  Fix Released
Status in “openjdk-6b18” package in Ubuntu:
  Fix Released
Status in “gimp” source package in Lucid:
  New
Status in “ia32-libs” source package in Lucid:
  New
Status in “lcms” source package in Lucid:
  Fix Released
Status in “openjdk-6” source package in Lucid:
  Fix Released
Status in “openjdk-6b18” source package in Lucid:
  Fix Released
Status in “gimp” source package in Maverick:
  New
Status in “ia32-libs” source package in Maverick:
  New
Status in “lcms” source package in Maverick:
  Fix Released
Status in “openjdk-6” source package in Maverick:
  Fix Released
Status in “openjdk-6b18” source package in Maverick:
  Fix Released
Status in “gimp” source package in Natty:
  New
Status in “ia32-libs” source package in Natty:
  New
Status in “lcms” source package in Natty:
  Fix Released
Status in “openjdk-6” source package in Natty:
  Fix Released
Status in “openjdk-6b18” source package in Natty:
  Fix Released
Status in “gimp” source package in Hardy:
  New
Status in “ia32-libs” source package in Hardy:
  New
Status in “lcms” source package in Hardy:
  Fix Released
Status in “openjdk-6” source package in Hardy:
  Fix Released
Status in “openjdk-6b18” source package in Hardy:
  Invalid
Status in “gimp” source package in Karmic:
  New
Status in “ia32-libs” source package in Karmic:
  New
Status in “lcms” source package in Karmic:
  Fix Released
Status in “openjdk-6” source package in Karmic:
  Fix Released
Status in “openjdk-6b18” source package in Karmic:
  Invalid

Bug description:
  Description
  cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and
  other products, allows remote attackers to cause a denial of service (NULL
  pointer dereference and application crash) via a crafted image that
  triggers execution of incorrect code for "transformations of monochrome
  profiles."