Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
Moritz Muehlenhoff
jmm at inutil.org
Wed Nov 16 14:20:13 UTC 2005
Loic Minier wrote:
> The Redhat security advisory also fixes CVE-2005-2975, for which I see
> no entry in the Debian changelog, could you please investigate on this
> id and report whether gtk1 and gtk2 are affected for Debian?
The vulnerability matrix for Woody and Sarge (the entries are the line
numbers in io-xpm.c, where the vulnerable code is present):
                Woody gtk2   Woody gdk-pixbuf   Sarge gtk2   Sarge gdk-pixbuf
CVE-2005-2975   1170         284                1170         284
CVE-2005-2976   1317         413                ----         413
CVE-2005-3186   1255         359                1256         359
Cheers,
Moritz