Re: [Gnash-dev] is CVE-2007-2500 fixed in gnash HEAD?

gnash-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnash-dev] is CVE-2007-2500 fixed in gnash HEAD?

From:	strk
Subject:	Re: [Gnash-dev] is CVE-2007-2500 fixed in gnash HEAD?
Date:	Wed, 9 May 2007 12:02:44 +0200

On Wed, May 09, 2007 at 10:07:50AM +0200, Patrice Dumas wrote:
> Hello,
> 
> I have been notified that there was a security vulnerability in gnash
> 7.2:
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2500
> 
> Is it fixed in HEAD? Is there a patch lying around for that issue?

Yep, should be fixed, see:

https://savannah.gnu.org/bugs/?19774

Having a file to test would help.
See http://www.gnashdev.org/wiki/index.php/Reference#Testing_tools
if you want to try finding robustness problems in Gnash. It should
be an interesting task...

(http://sam.zoy.org/zzuf/ deterministic spurious input provider tool)

--strk;

[Prev in Thread]

Current Thread

[Next in Thread]

[Gnash-dev] is CVE-2007-2500 fixed in gnash HEAD?, Patrice Dumas, 2007/05/09
- Re: [Gnash-dev] is CVE-2007-2500 fixed in gnash HEAD?, Rob Savoye, 2007/05/09
  - Re: [Gnash-dev] is CVE-2007-2500 fixed in gnash HEAD?, Martin Guy, 2007/05/09
- Re: [Gnash-dev] is CVE-2007-2500 fixed in gnash HEAD?, strk <=

Prev by Date: [Gnash-dev] Improving AGG performance
Next by Date: Re: [Gnash-dev] FileIO extension eating up memory (was: Building extensions)
Previous by thread: Re: [Gnash-dev] is CVE-2007-2500 fixed in gnash HEAD?
Next by thread: Re: [Gnash-dev] cvs tarballs
Index(es):
- Date
- Thread