bugtraq - [ MDVSA-2009:219 ] kompozer

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [day] [month] [year] [list]

Message-Id: <E1Mfe7F-0003vP-4x@titan.mandriva.com>
Date: Mon, 24 Aug 2009 20:18:01 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:219 ] kompozer


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:219
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kompozer
 Date    : August 24, 2009
 Affected: 2009.0, 2009.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability was found in xmltok_impl.c (expat) that with
 specially crafted XML could be exploited and lead to a denial of
 service attack. Related to CVE-2009-2625.
 
 Additionally on 2009.0 a patch was added to prevent kompozer from
 crashing (#44830), on 2009.1 a format string patch was added to make
 it build with the -Wformat -Werror=format-security gcc optimization
 switch added in 2009.1
 
 This update fixes these issues.
 _______________________________________________________________________

 References:

 https://bugs.gentoo.org/show_bug.cgi?id=280615
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 40b57bb8609896b9f3414d394a2b80aa  2009.0/i586/kompozer-0.7.10-3.2mdv2009.0.i586.rpm
 2b3fad1cc94862007b46120467f1b32b  2009.0/i586/kompozer-devel-0.7.10-3.2mdv2009.0.i586.rpm 
 70b15f82ad77d6fae7683bc7a76b73c6  2009.0/SRPMS/kompozer-0.7.10-3.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 7f9547dc0af74f015ca28d57808f33d1  2009.0/x86_64/kompozer-0.7.10-3.2mdv2009.0.x86_64.rpm
 4767d2a9f5e400594edd33992b0cfa3f  2009.0/x86_64/kompozer-devel-0.7.10-3.2mdv2009.0.x86_64.rpm 
 70b15f82ad77d6fae7683bc7a76b73c6  2009.0/SRPMS/kompozer-0.7.10-3.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 c6c2cc21a9332f629dd2406b1530a96a  2009.1/i586/kompozer-0.7.10-4.1mdv2009.1.i586.rpm
 b3a94128d547cfb70e357b5de7eecc9f  2009.1/i586/kompozer-devel-0.7.10-4.1mdv2009.1.i586.rpm 
 6f17fed53183c4b88697c94c3a15b544  2009.1/SRPMS/kompozer-0.7.10-4.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 9238d4b652f3bffbdfb353a362ba12b8  2009.1/x86_64/kompozer-0.7.10-4.1mdv2009.1.x86_64.rpm
 3dd34e69b846d39843dc759c9977a525  2009.1/x86_64/kompozer-devel-0.7.10-4.1mdv2009.1.x86_64.rpm 
 6f17fed53183c4b88697c94c3a15b544  2009.1/SRPMS/kompozer-0.7.10-4.1mdv2009.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKkq1UmqjQ0CJFipgRApUJAKCa0N4NPDO3EQI21tBihHZpCWN/UACfTbOm
7nG2kZV5LEIF6aeMsIZKzUU=
=coDS
-----END PGP SIGNATURE-----