openjdk team mailing list archive

[Bug 700198] Re: CVE-2009-0793

 

This bug was fixed in the package ia32-libs - 2.7ubuntu26.1

---------------
ia32-libs (2.7ubuntu26.1) lucid-security; urgency=low

  * SECURITY UPDATE: Refresh packages to pull in security fixes,
    including:
    - lcms buffer overflow, CVE-2009-0793 (LP: #700198)
    - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
      and CVE-2010-2939
    - libpango1.0: multiple DoS, possible code execution issues:
      CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
    - nss: many issues
 -- Steve Beattie <sbeattie@xxxxxxxxxx>   Tue, 12 Apr 2011 11:26:47 -0700

** Changed in: ia32-libs (Ubuntu Karmic)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1797

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2498

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2499

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2500

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2519

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2520

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2527

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2541

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2805

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2806

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2807

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2808

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3311

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3814

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3855

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in Ubuntu.
https://bugs.launchpad.net/bugs/700198

Title:
  CVE-2009-0793

Status in “gimp” package in Ubuntu:
  Invalid
Status in “ia32-libs” package in Ubuntu:
  Fix Released
Status in “lcms” package in Ubuntu:
  Fix Released
Status in “openjdk-6” package in Ubuntu:
  Fix Released
Status in “openjdk-6b18” package in Ubuntu:
  Fix Released
Status in “gimp” source package in Lucid:
  Invalid
Status in “ia32-libs” source package in Lucid:
  Fix Released
Status in “lcms” source package in Lucid:
  Fix Released
Status in “openjdk-6” source package in Lucid:
  Fix Released
Status in “openjdk-6b18” source package in Lucid:
  Fix Released
Status in “gimp” source package in Maverick:
  Invalid
Status in “ia32-libs” source package in Maverick:
  Fix Released
Status in “lcms” source package in Maverick:
  Fix Released
Status in “openjdk-6” source package in Maverick:
  Fix Released
Status in “openjdk-6b18” source package in Maverick:
  Fix Released
Status in “gimp” source package in Natty:
  Invalid
Status in “ia32-libs” source package in Natty:
  Fix Released
Status in “lcms” source package in Natty:
  Fix Released
Status in “openjdk-6” source package in Natty:
  Fix Released
Status in “openjdk-6b18” source package in Natty:
  Fix Released
Status in “gimp” source package in Hardy:
  Invalid
Status in “ia32-libs” source package in Hardy:
  Fix Released
Status in “lcms” source package in Hardy:
  Fix Released
Status in “openjdk-6” source package in Hardy:
  Fix Released
Status in “openjdk-6b18” source package in Hardy:
  Invalid
Status in “gimp” source package in Karmic:
  Invalid
Status in “ia32-libs” source package in Karmic:
  Fix Released
Status in “lcms” source package in Karmic:
  Fix Released
Status in “openjdk-6” source package in Karmic:
  Fix Released
Status in “openjdk-6b18” source package in Karmic:
  Invalid

Bug description:
  Description
  cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and
  other products, allows remote attackers to cause a denial of service (NULL
  pointer dereference and application crash) via a crafted image that
  triggers execution of incorrect code for "transformations of monochrome
  profiles."