Bug#272166: vulnerable to holes fixed by DSA-549-1

Sebastien Bacher Sebastien Bacher <seb128@debian.org>, 272166@bugs.debian.org
Sat, 18 Sep 2004 01:32:34 +0200

Le vendredi 17 septembre 2004 =E0 19:09 -0400, Joey Hess a =E9crit :
> Package: gtk+2.0
> Severity: grave
> For the record: This package is vulnerable to the security holes fixed
> in stable by DSA-549-1. The CAN numbers of these security holes are
> CAN-2004-0782 CAN-2004-0783 CAN-2004-0788.

Is there a problem with the package uploaded today ? If not the bug
should probably be tagged + sarge ...

 gtk+2.0 (2.4.9-2) unstable; urgency=3Dhigh
   * debian/patches/002_xpmico.patch:
     - fix CAN-2004-0782 Heap-based overflow in pixbuf_create_from_xpm.
     - fix CAN-2004-0783 Stack-based overflow in xpm_extract_color.
     - fix CAN-2004-0788 ico loader integer overflow.


Sebastien Bacher