Bug number - 454760

Part of package: e2fsprogs.

Bug description:

Debian Bug report logs -  #454760 e2fsprogs: CVE-2007-5497 multiple integer overflows
Package:      e2fsprogs; Maintainer for e2fsprogs is Theodore Y. Ts'o <tytso@mit.edu>; Source for e2fsprogs is src:e2fsprogs (PTS, buildd, popcon).
Reported by: Nico Golde <nion@debian.org>
Date: Fri,  7 Dec 2007 16:48:02 UTC
Severity: grave
Tags: patch, security
Found in versions e2fsprogs/1.37-2sarge1, e2fsprogs/1.40.2-1
Fixed in versions 1.39+1.40-WIP-2006.11.14+dfsg-2etch1, e2fsprogs/1.40.2-1+lenny1, e2fsprogs/1.40.3-1
Done: Nico Golde <nion@debian.org>
Bug is archived. No further changes may be made.

All x-patch and x-diff attachments.



Patch                                  Author                        Date
e2fsprogs-VUL0_integer_overflow.patch  Nico Golde <nion@debian.org>  Fri, 7 Dec 2007 17:45:33 +0100
CVE-2007-5497.patch                    Nico Golde <nion@debian.org>  Sat, 8 Dec 2007 13:58:30 +0100

Original bug report here.