Bug#330890: [Pkg-dia-team] Bug#330890: dia: Arbitrary code execution when importing a .svg file

Roland Stigge stigge at antcom.de
Fri Sep 30 19:23:23 UTC 2005

tag 330890 security
tag 330890 upstream
forwarded 330890 http://bugzilla.gnome.org/show_bug.cgi?id=317637
# woody:
notfound 330890 0.88.1-3
# sarge:
found 330890 0.94.0-7
# testing/unstable:
found 330890 0.94.0-14
# experimental
found 330890 0.94.0+CVS20050917-2


thanks for reporting this issue.

Joxean Koret wrote:
> The script diasvg_import.py that comes with the current Debian stable
> version of Dia is vulnerable to an arbitrary code execution.
> I tried to contact with the Dia team too many times but without any look
> so, I think, there is no patch at the moment for the issues.

I couldn't find your comment on the upstream mailing list or in a GNOME
mozilla bug.

> Attached goes a working exploit to test the vulnerability.

Attached goes a fix that directly applies to the stable, testing and
unstable versions of dia in Debian (the respective code doesn't appear
in woody). Tested. Will coordinate with debian-security before uploading
to make fixes to stable and unstable consistent.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dia.patch
Type: text/x-patch
Size: 1940 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-dia-team/attachments/20050930/4e5512ed/dia.bin

More information about the Pkg-dia-team mailing list