blob: fd359ad1f85af0a178ac820954d816f1263b1003 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200506-09">
<title>gedit: Format string vulnerability</title>
gedit suffers from a format string vulnerability that could allow arbitrary
code execution.
<product type="ebuild">gedit</product>
<announced>June 11, 2005</announced>
<revised>May 22, 2006: 02</revised>
<package name="app-editors/gedit" auto="yes" arch="*">
<unaffected range="ge">2.10.3</unaffected>
<vulnerable range="lt">2.10.3</vulnerable>
gedit is the official text editor of the GNOME desktop environement.
A format string vulnerability exists when opening files with names
containing format specifiers.
<impact type="normal">
A specially crafted file with format specifiers in the filename can
cause arbitrary code execution.
There are no known workarounds at this time.
All gedit users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-editors/gedit-2.10.3&quot;</code>
<uri link="">BugTraq ID 13699</uri>
<uri link="">gedit 10.3 Release Notes</uri>
<uri link="">CVE-2005-1686</uri>
<metadata tag="requester" timestamp="Fri, 10 Jun 2005 14:36:10 +0000">
<metadata tag="submitter" timestamp="Fri, 10 Jun 2005 17:36:40 +0000">
<metadata tag="bugReady" timestamp="Sat, 11 Jun 2005 11:59:18 +0000">