Ubuntu Security Notice USN-193-1 October 04, 2005
dia vulnerability CAN-2005-2966
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
The problem can be corrected by upgrading the affected package to
version 0.94.0-5ubuntu1.1. After a standard system upgrade you have
to restart dia to effect the necessary changes.
Joxean Koret discovered that the SVG import plugin did not properly
sanitise data read from an SVG file. By tricking an user into opening
a specially crafted SVG file, an attacker could exploit this to
execute arbitrary code with the privileges of the user.