Subject: CVS commit: pkgsrc/graphics/dia
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 04/04/2006 14:52:15
Module Name: pkgsrc
Committed By: salo
Date: Tue Apr 4 14:52:15 UTC 2006
Modified Files:
pkgsrc/graphics/dia: Makefile distinfo
Added Files:
pkgsrc/graphics/dia/patches: patch-ac patch-ad
Log Message:
Security fix for CVE-2006-1550:
"Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87
and later before 0.95-pre6 allow user-complicit attackers to have an unknown
impact via a crafted xfig file, possibly involving an invalid (1) color index,
(2) number of points, or (3) depth."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1550
http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html
Fix from Dia CVS.
To generate a diff of this commit:
cvs rdiff -r1.41 -r1.42 pkgsrc/graphics/dia/Makefile
cvs rdiff -r1.14 -r1.15 pkgsrc/graphics/dia/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/graphics/dia/patches/patch-ac \
pkgsrc/graphics/dia/patches/patch-ad
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.