Fixed in NMU of gtk+2.0 2.6.4-3.1
Loic Minier
lool at dooz.org
Sat Dec 17 05:25:05 UTC 2005
tag 339431 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 20 Nov 2005 17:41:24 +0100
Source: gtk+2.0
Binary: libgtk2.0-dev libgtk2.0-0-dbg gtk2-engines-pixbuf libgtk2.0-0 libgtk2.0-doc gtk2.0-examples libgtk2.0-bin libgtk2.0-common
Architecture: source i386 all
Version: 2.6.4-3.1
Distribution: stable-security
Urgency: high
Maintainer: Sebastien Bacher <seb128 at debian.org>
Changed-By: Loic Minier <lool at dooz.org>
Description:
gtk2-engines-pixbuf - Pixbuf-based theme for GTK+ 2.x
gtk2.0-examples - Examples files for the GTK+ 2.0
libgtk2.0-0 - The GTK+ graphical user interface library
libgtk2.0-0-dbg - The GTK+ libraries and debugging symbols
libgtk2.0-bin - The programs for the GTK+ graphical user interface library
libgtk2.0-common - Common files for the GTK+ graphical user interface library
libgtk2.0-dev - Development files for the GTK+ library
libgtk2.0-doc - Documentation for the GTK+ graphical user interface library
Closes: 339431
Changes:
 gtk+2.0 (2.6.4-3.1) stable-security; urgency=high
 .
   * Non-maintainer upload targeted at stable-security.
   * SECURITY UPDATE: Arbitrary code execution and DoS.
     - Add debian/patches/010_xpm-colors-overflow_CVE-2005-3186.patch.
       . Addresses CVE-2005-3186: Integer overflow in the GTK+ gdk-pixbuf XPM
         image rendering library in GTK+ 2.4.0 allows attackers to execute
         arbitrary code via an XPM file with a number of colors that causes
         insufficient memory to be allocated, which leads to a heap-based buffer
         overflow.
       . io-xpm.c: Add check to XPM reader to prevent integer overflow for
         specially crafted number of colors.
       . Closes: #339431
     - Add debian/patches/011_xpm-colors-loop_CVE-2005-2975.patch.
       . Addresses CVE-2005-2975: The GTK+ gdk-pixbuf XPM image rendering
         library allows attackers to cause a denial of service (infinite loop)
         via a crafted XPM image.
       . io-xpm.c: Fix endless loop with specially crafted number of colors.
Files:
876d42d456f4c65949fe326d4603d0a6 2000 libs optional gtk+2.0_2.6.4-3.1.dsc
a3ab72c9c80384fb707b992eb8b43c13 16354198 libs optional gtk+2.0_2.6.4.orig.tar.gz
743d43246b74d208e704b0a8212625df 49387 libs optional gtk+2.0_2.6.4-3.1.diff.gz
b84d91a0e62bc5294208e39a10d8f875 2983652 misc optional libgtk2.0-common_2.6.4-3.1_all.deb
2b12f72ddc801222745fba5784f0d30a 2317798 doc optional libgtk2.0-doc_2.6.4-3.1_all.deb
8dedb3a4d88d4aeb64f0b3be221b25e2 2097270 libs optional libgtk2.0-0_2.6.4-3.1_i386.deb
eb658bed31f5fa07d5ac7fe194dbd50e 18194 misc optional libgtk2.0-bin_2.6.4-3.1_i386.deb
bb53cc8a482cf455ea1b0c913d6cd2cb 7234930 libdevel optional libgtk2.0-dev_2.6.4-3.1_i386.deb
1f90e641d602fb9aef7233c8f2fdc374 17534636 libdevel extra libgtk2.0-0-dbg_2.6.4-3.1_i386.deb
9562defc5dd5d78d3eac97ac79c0f1b6 260184 x11 extra gtk2.0-examples_2.6.4-3.1_i386.deb
54ac82ff996e06087721a12edca85ca0 51142 graphics optional gtk2-engines-pixbuf_2.6.4-3.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDgN+G4VUX8isJIMARAvJmAJ46HkpWu+7ZphdwsAXHu8P/umZjxwCeJnJw
K88iwqGF901wjmRGQUmCShE=
=zgx+
-----END PGP SIGNATURE-----
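The kind of check the changelog describes for CVE-2005-3186, as an added C example that is not the Debian patch or the GTK+ source: sizes derived from the XPM header's color count are computed with overflow detection before any allocation. The names `color_entry`, `mul_size`, `xpm_color_table_sizes`, the `cpp >= 32` limit and the sample header values are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-colour record; the loader's real struct is not on the page. */
struct color_entry { char *name; uint32_t rgba; int transparent; };

/* Multiply two sizes; return -1 instead of letting the product wrap. */
static int mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Validate the colour count (n_col) and chars-per-pixel (cpp) read from an XPM
 * header, then compute both allocation sizes derived from them.
 * Returns 0 on success, -1 if the header must be rejected. */
int xpm_color_table_sizes(long n_col, long cpp, size_t *names_sz, size_t *table_sz)
{
    if (n_col <= 0 || cpp <= 0 || cpp >= 32)   /* assumed sanity limits */
        return -1;
    if (mul_size((size_t)n_col, (size_t)cpp + 1, names_sz) != 0)
        return -1;
    return mul_size((size_t)n_col, sizeof(struct color_entry), table_sz);
}

/* Unchecked form in 32-bit arithmetic: the product wraps modulo 2^32, so the
 * buffer is far smaller than the n_col entries the parser then writes. */
uint32_t unchecked_table_size32(uint32_t n_col, uint32_t entry_size)
{
    return n_col * entry_size;
}

int main(void)
{
    size_t names, table;
    /* Constructed header values: 0x10000001 colours, 16-byte entries. */
    printf("unchecked 32-bit size: %u bytes\n",
           (unsigned)unchecked_table_size32(0x10000001u, 16));
    printf("checked, 256 colours: %d\n", xpm_color_table_sizes(256, 2, &names, &table));
    printf("checked, LONG_MAX colours: %d\n",
           xpm_color_table_sizes(LONG_MAX, 2, &names, &table));
    return 0;
}
```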