[Bug 19702] CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

bugzilla-daemon at bugzilla.ubuntu.com
Wed Nov 16 15:53:14 UTC 2005


Please do not reply to this email.  You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=19702
Ubuntu | gtk+2.0

------- Additional Comments From debzilla at ubuntu.com  2005-11-16 15:52 UTC -------
Message-ID: <20051116142013.GA29674 at informatik.uni-bremen.de>
Date: Wed, 16 Nov 2005 15:20:13 +0100
From: Moritz Muehlenhoff <jmm at inutil.org>
To: Loic Minier <lool at dooz.org>
Cc: Moritz Muehlenhoff <jmm at inutil.org>, 339431 at bugs.debian.org
Subject: Re: Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

Loic Minier wrote:
>  The Redhat security advisory also fixes CVE-2005-2975, for which I see
>  no entry in the Debian changelog, could you please investigate on this
>  id and report whether gtk1 and gtk2 are affected for Debian?

The vulnerability matrix for Woody and Sarge (the entries are the line
numbers in io-xpm.c, where the vulnerable code is present):


               Woody gtk2   Woody gdk-pixbuf   Sarge gtk2   Sarge gdk-pixbuf
CVE-2005-2975    1170         284                1170         284
CVE-2005-2976    1317         413                ----         413
CVE-2005-3186    1255         359                1256         359

Cheers,
        Moritz



