[Bug 19702] CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
bugzilla-daemon at bugzilla.ubuntu.com
bugzilla-daemon at bugzilla.ubuntu.com
Mon Nov 21 07:32:37 UTC 2005
Please do not reply to this email. You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=19702
Ubuntu | gtk+2.0
------- Additional Comments From debzilla at ubuntu.com 2005-11-21 07:32 UTC -------
Message-ID: <20051121064615.GF1123 at finlandia.infodrom.north.de>
Date: Mon, 21 Nov 2005 07:46:15 +0100
From: Martin Schulze <joey at infodrom.org>
To: Loic Minier <lool at dooz.org>
Cc: Moritz Muehlenhoff <jmm at inutil.org>, 339431 at bugs.debian.org,
team at security.debian.org
Subject: Re: Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
Loic Minier wrote:
> Sorry for the delay. You can grab the proposed fixes in:
> <http://people.dooz.org/~lool/debian/gtk-gdk-cves.tgz> (87M)
> MD5: 56148df50af6e28beaca57e4fa3bf6cc
Thanks a lot! Packages are building already.
> I found the vulnerability matrix by Moritz Muehlenhoff useful:
> Woody gtk2 Woody gdk-pixbuf Sarge gtk2 Sarge gdk-pixbuf
> CVE-2005-2975 1170 284 1170 284
> CVE-2005-2976 1317 413 ---- 413
> CVE-2005-3186 1255 359 1256 359
What's the meaning of the numbers above?
I had to rebuild the woody packages since you've built them for
'stable-security' instead of 'oldstable-security', and by that
I've also used woody3 instead of woody2.1, so the version is not
needlessly prolongued.
Could you tell us as well which versions in sid fix these problems?
Regards,
Joey
--
If you come from outside of Finland, you live in wrong country.
-- motd of irc.funet.fi
Please always Cc to me when replying to me on the lists.
--
Configure bugmail: http://bugzilla.ubuntu.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the desktop-bugs
mailing list