[Padre-dev] Fwd: [Full-disclosure] [SECURITY] [DSA 1890-1] New wxwidgets packages fix arbitrary code execution

Curtis Jewell lists.perl.padre-dev at csjewell.fastmail.us
Mon Sep 21 08:07:20 PDT 2009


If they're using a current version of wxWidgets, the version number is
2.8.10 - you might want to ask if there is a fix for that, or if it was
fixed already.

--Curtis

On Mon, 21 Sep 2009 15:12 +0300, "Gabor Szabo" <szabgab at gmail.com>
wrote:
> ---------- Forwarded message ----------
> From: YGN Ethical Hacker Group <lists at yehg.net>
> Date: Mon, Sep 21, 2009 at 2:37 PM
> Subject: [Full-disclosure] [SECURITY] [DSA 1890-1] New wxwidgets
> packages fix arbitrary code execution
> To: wxperl-users at perl.org
> 
> 
> On Sat, Sep 19, 2009 at 2:56 PM, Steffen Joeris <white at debian.org> wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > - ------------------------------------------------------------------------
> > Debian Security Advisory DSA-1890-1                  security at debian.org
> > http://www.debian.org/security/                      Giuseppe Iuculano
> > September 19, 2009                    http://www.debian.org/security/faq
> > - ------------------------------------------------------------------------
> >
> > Packages       : wxwindows2.4 wxwidgets2.6 wxwidgets2.8
> > Vulnerability  : integer overflow
> > Problem type   : remote
> > Debian-specific: no
> > CVE Id         : CVE-2009-2369
> >
> >
> > Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets
> > Cross-platform C++ GUI toolkit, which allows the execution of arbitrary
> > code via a crafted JPEG file.
> >
> > For the oldstable distribution (etch), this problem has been fixed in version
> > 2.4.5.1.1+etch1 for wxwindows2.4 and version 2.6.3.2.1.5+etch1 for
> > wxwidgets2.6.
> >
> > For the stable distribution (lenny), this problem has been fixed in version
> > 2.6.3.2.2-3+lenny1 for wxwidgets2.6 and version 2.8.7.1-1.1+lenny1 for
> > wxwidgets2.8.
> >
> > For the testing distribution (squeeze), this problem will be fixed soon.
> >
> > For the unstable distribution (sid), this problem has been fixed in
> > version 2.8.7.1-2 for wxwidgets2.8 and will be fixed soon for
> > wxwidgets2.6.
--
Curtis Jewell
swordsman at csjewell.fastmail.us

%DCL-E-MEM-BAD, bad memory
-VMS-F-PDGERS, pudding between the ears

[I use PC-Alpine, which deliberately does not display colors and pictures in HTML mail]


