openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #05194
[Bug 700198] Re: CVE-2009-0793
This bug was fixed in the package lcms - 1.18.dfsg-1ubuntu1.1
---------------
lcms (1.18.dfsg-1ubuntu1.1) karmic-security; urgency=low
* debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198)
- Fix DoS via a crafted image that triggers execution of incorrect
code for "transformations of monochrome profiles."
- CVE-2009-0073
-- Artur Rona <ari-tczew@xxxxxxxxxx> Sat, 08 Jan 2011 04:42:32 +0100
** Changed in: lcms (Ubuntu Hardy)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
https://bugs.launchpad.net/bugs/700198
Title:
CVE-2009-0793
Status in “gimp” package in Ubuntu:
New
Status in “ia32-libs” package in Ubuntu:
New
Status in “lcms” package in Ubuntu:
Fix Released
Status in “openjdk-6” package in Ubuntu:
Fix Released
Status in “openjdk-6b18” package in Ubuntu:
Fix Released
Status in “gimp” source package in Lucid:
New
Status in “ia32-libs” source package in Lucid:
New
Status in “lcms” source package in Lucid:
Fix Released
Status in “openjdk-6” source package in Lucid:
Fix Released
Status in “openjdk-6b18” source package in Lucid:
Fix Released
Status in “gimp” source package in Maverick:
New
Status in “ia32-libs” source package in Maverick:
New
Status in “lcms” source package in Maverick:
Fix Released
Status in “openjdk-6” source package in Maverick:
Fix Released
Status in “openjdk-6b18” source package in Maverick:
Fix Released
Status in “gimp” source package in Natty:
New
Status in “ia32-libs” source package in Natty:
New
Status in “lcms” source package in Natty:
Fix Released
Status in “openjdk-6” source package in Natty:
Fix Released
Status in “openjdk-6b18” source package in Natty:
Fix Released
Status in “gimp” source package in Hardy:
New
Status in “ia32-libs” source package in Hardy:
New
Status in “lcms” source package in Hardy:
Fix Released
Status in “openjdk-6” source package in Hardy:
Fix Released
Status in “openjdk-6b18” source package in Hardy:
Invalid
Status in “gimp” source package in Karmic:
New
Status in “ia32-libs” source package in Karmic:
New
Status in “lcms” source package in Karmic:
Fix Released
Status in “openjdk-6” source package in Karmic:
Fix Released
Status in “openjdk-6b18” source package in Karmic:
Invalid
Bug description:
Description
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and
other products, allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted image that
triggers execution of incorrect code for "transformations of monochrome
profiles."