I see, well according to the bug report, its fixed in 2.5.2-1. I tested that
version itself and sadly the fix isn't there.

On Sun, Dec 13, 2009 at 1:29 AM, Patroklos Argyroudis
<argp at census-labs.com>wrote:

><i> On Sat, Dec 12, 2009 at 10:59:28PM +0200, Razuel Akaharnath wrote:
</I>><i> > DESCRIPTION:
</I>><i> > "The gif2png program converts files from the obsolescent Graphic
</I>><i> Interchange
</I>><i> > Format to Portable Network Graphics <http://www.libpng.org/pub/png/>.
</I>><i> The
</I>><i> > conversion preserves all graphic information, including transparency,
</I>><i> > perfectly. The gif2png program can even recover data from corrupted
</I>><i> GIFs."
</I>><i> >
</I>><i> > homepage: http://catb.org/~esr/gif2png/<http://catb.org/%7Eesr/gif2png/><
</I>><i> http://catb.org/%7Eesr/gif2png/>
</I>><i> >
</I>><i> > VULNERABILITY:
</I>><i> > gif2png does not perform proper bounds checking on the size of input
</I>><i> > filename. The buffer (1025 in size) is easily overrun with a strcpy
</I>><i> > function.
</I>><i> >
</I>><i> > AFFECTED VERSION:
</I>><i> > latest: 2.5.2
</I>><i>
</I>><i> I have reported this to Debian about two months ago:
</I>><i>
</I>><i> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
</I>><i>
</I>><i> --
</I>><i> Patroklos Argyroudis
</I>><i> http://www.census-labs.com/
</I>><i>
</I>-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091213/c04218ac/attachment.html