[Secure-testing-team] CVE-2010-2304 - #586547 - squeeze related - patch attached

Jose Antonio Quevedo Muñoz joseantonio.quevedo at gmail.com
Wed Aug 11 05:52:36 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi there!

squeeze was frozen the last week as you know.
This vulnerability [1] was already solved by Gustavo Noronha in unstable,
but it's not solved in squeeze and lenny yet.

The bug was reported by Nico Golde [1] (thanks for a very good bugreport).
The patched was distributed by upstream. [2]
More information about this CVE can be found in [3] and [4].

Attached is the debdiff that includes the patch that can be used to
solve this issue.
I'm not an official DM or DD, so please review my work expecting newbie
mistakes.

Best regards,

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=586547
[2]
http://src.chromium.org/viewvc/chrome/branches/WebKit/375/WebCore/rendering/RenderListMarker.cpp?r1=48100&r2=48099
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2304
[4] http://security-tracker.debian.org/tracker/CVE-2010-2304

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJMYjqdAAoJEBwLEnROdHjaNjUP/37i75Fx8u2gPPBC4cue29Lp
V9EioOStg7GJXgIVTlUhGl/8RyKlahCDMk3cJZTxAAvLP274Jg729DRt/ZPCOd7e
m8bS5uc6u2oUVeaPdduTbsIO2bFSMEVrzx0X7Q8phCCJEFRJEBuDaPLf+dOKukGe
G5jf3MHKgkkDZGyl5Mr4ym3PkzzqOosSomXzZF5MmPtCc9MFMhhcuoTRjC0ZkQR+
XbrAEopIAEoSPGyGbg/iz2Q/Bw+xYWpHNwzoOpHRN+/llnssP7tl/w0i+X5C0JsB
tJ0PdYr/Vy+C/1/nMaquKO7AbRp4gByq6YqOXs8pgKFfLQ85WfXuBPRtLjqzkpIV
kelEC61R1k0+Hd82X1Xq7Ej1xnceZxBa79QVN1S/34wh1aOw88rDE3utA9IOGD/q
Df4OvwGYZAyvNJuoyHtSvKNiTX+XO5aoIgCtdPRWTBWcqC2XXSOBqJUo1UvzQzxE
Xd4OsG7fdica6Bs4T8iIcPl+tV5U2VvWUl8FK5OVQZsSyzIcR4KQX8D48HxQHDsw
Au77BjOktMHkuBz5k9Z5Bfr3Vy4F8AHH0H4Hpjq7k3Y0yH9SoGfQ80BqNKYLx8p4
CgG8BJ7C6sgBK/JGn+KEi6/ACnbXpEfntH9uaB7Gt7y0ueC6Ea8MTD2tl5tipMfP
i+76i4LnqHcsiP3FQPHj
=Xv/k
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debdiff.diff
Type: text/x-patch
Size: 3110 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20100811/a831d0a2/attachment.bin>


More information about the Secure-testing-team mailing list