From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1890-1
[email protected] http://www.debian.org/security/ Giuseppe Iuculano September 19, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Packages : wxwindows2.4 wxwidgets2.6 wxwidgets2.8
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-2369
Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary
code via a crafted JPEG file.
For the oldstable distribution (etch), this problem has been fixed in version 2.4.5.1.1+etch1 for wxwindows2.4 and version 2.6.3.2.1.5+etch1 for wxwidgets2.6.
For the stable distribution (lenny), this problem has been fixed in version 2.6.3.2.2-3+lenny1 for wxwidgets2.6 and version 2.8.7.1-1.1+lenny1 for wxwidgets2.8.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 2.8.7.1-2 for wxwidgets2.8 and will be fixed soon for
wxwidgets2.6.
We recommend that you upgrade your wxwidgets packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wxwidgets2.6_2.6.3.2.1.5+etch1.dsc
Size/MD5 checksum: 1070 122f76e514a09e27a2efeb83972508bf
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wxwindows2.4_2.4.5.1.1+etch1.tar.gz
Size/MD5 checksum: 11008448 56e09f548341a24faab4e2494ccf3c2e
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wxwindows2.4_2.4.5.1.1+etch1.dsc
Size/MD5 checksum: 1088 956079f1b2e0639fdd5edab2112c528a
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wxwidgets2.6_2.6.3.2.1.5+etch1.tar.gz
Size/MD5 checksum: 15785194 de6ed02cb129ce6393d132452999cd17
Architecture independent packages:
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-i18n_2.6.3.2.1.5+etch1_all.deb
Size/MD5 checksum: 664476 ab249de067119db66091ecc4a4412d35
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxtools_2.6.3.2.1.5+etch1_all.deb
Size/MD5 checksum: 17782 f176eaeafccacf0b965c68d3b61a0253
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-examples_2.6.3.2.1.5+etch1_all.deb
Size/MD5 checksum: 3633304 e2b5d8c1c0edcd2287a35a327576ebdd
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-doc_2.6.3.2.1.5+etch1_all.deb
Size/MD5 checksum: 1252698 cb859a2500031b5cd6d4397f7bfd5eb3
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-i18n_2.4.5.1.1+etch1_all.deb
Size/MD5 checksum: 372546 988d0727d645d9c75f4ae8509abd719b
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxversion_2.6.3.2.1.5+etch1_all.deb
Size/MD5 checksum: 21782 a704638d51c4ef98ec5a2f9473ae68a7
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-doc_2.4.5.1.1+etch1_all.deb
Size/MD5 checksum: 1076678 e6271674af7b940be14ebfb52e23b92d
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-examples_2.4.5.1.1+etch1_all.deb
Size/MD5 checksum: 2709008 c7028e976a32f5244ebb27693db064c6
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/w/wxwindows2.4/python-wxgtk2.4_2.4.5.1.1+etch1_alpha.deb
Size/MD5 checksum: 2713910 ba15f692945dbefedb47bae998f013c3
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dev_2.4.5.1.1+etch1_alpha.deb
Size/MD5 checksum: 25074 21e8730a7006310d0a84c407e4f2ae0e
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-headers_2.4.5.1.1+etch1_alpha.deb
Size/MD5 checksum: 564238 2370397d7591b72fc7609ce02f7f4f84
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.1.5+etch1_alpha.deb
Size/MD5 checksum: 19992954 db418cf6e2847b9907ef6a538f70adcc
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.1.5+etch1_alpha.deb
Size/MD5 checksum: 50328 be45b6149b0c116e803fdd38e5572cef
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.1.5+etch1_alpha.deb
Size/MD5 checksum: 36444 2eae2b26e38100bf60a474e520bf0b99
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dev_2.4.5.1.1+etch1_alpha.deb
Size/MD5 checksum: 25134 1c888b3cc0a33b76336db7df6ae2d0c0
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dbg_2.4.5.1.1+etch1_alpha.deb
Size/MD5 checksum: 2255974 33e6409ca72ad7e06d8e51d3b0b441ae
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dbg_2.4.5.1.1+etch1_alpha.deb
Size/MD5 checksum: 10382526 97c9fa30e8f06e2124147c3da791dca2
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1_2.4.5.1.1+etch1_alpha.deb
Size/MD5 checksum: 1744166 9258be03adf61cee4096427744bf3d72
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.1.5+etch1_alpha.deb
Size/MD5 checksum: 3122808 8798c58b18d973c828fc0532dadae0bd
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.1.5+etch1_alpha.deb
Size/MD5 checksum: 2994732 3e0e2b05ade2d712bd2b221716305ae0
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-1_2.4.5.1.1+etch1_alpha.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)