Bug#339431: marked as done (CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code)

Debian Bug Tracking System owner at bugs.debian.org
Wed Nov 16 17:33:19 UTC 2005 

Your message dated Wed, 16 Nov 2005 09:17:08 -0800
with message-id <E1EcQuC-0002HP-6m at spohr.debian.org>
and subject line Bug#339431: fixed in gtk+2.0 2.6.10-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Nov 2005 09:17:36 +0000
>From jmm at inutil.org Wed Nov 16 01:17:36 2005
Return-path: <jmm at inutil.org>
Received: from inutil.org ([193.22.164.111] helo=vserver151.vserver151.serverflex.de)
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1EcJQ7-0006Do-Pd
	for submit at bugs.debian.org; Wed, 16 Nov 2005 01:17:35 -0800
Received: from wlan-client-004.informatik.uni-bremen.de ([134.102.116.5] helo=localhost.localdomain)
	by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1EcJQ4-0006J7-RE
	for submit at bugs.debian.org; Wed, 16 Nov 2005 10:17:32 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.54)
	id 1EcJPw-0001PW-KK; Wed, 16 Nov 2005 10:17:24 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <jmm at inutil.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
X-Mailer: reportbug 3.17
Date: Wed, 16 Nov 2005 10:17:24 +0100
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
Message-Id: <E1EcJPw-0001PW-KK at localhost.localdomain>
X-SA-Exim-Connect-IP: 134.102.116.5
X-SA-Exim-Mail-From: jmm at inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
	X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02

Package: gtk+2.0
Severity: grave
Tags: security
Justification: user security hole

An integer overflow in gdk-pixbuf's XPM rendering code can be exploited
to overwrite the heap and exploit arbitrary code through crafted images.
Please see www.idefense.com/application/poi/display?id=339&type=vulnerabilities
for more details.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)

---------------------------------------
Received: (at 339431-close) by bugs.debian.org; 16 Nov 2005 17:21:32 +0000
>From katie at ftp-master.debian.org Wed Nov 16 09:21:32 2005
Return-path: <katie at ftp-master.debian.org>
Received: from katie by spohr.debian.org with local (Exim 4.50)
	id 1EcQuC-0002HP-6m; Wed, 16 Nov 2005 09:17:08 -0800
From: Sebastien Bacher <seb128 at debian.org>
To: 339431-close at bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#339431: fixed in gtk+2.0 2.6.10-2
Message-Id: <E1EcQuC-0002HP-6m at spohr.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Wed, 16 Nov 2005 09:17:08 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-4.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,
	HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 4

Source: gtk+2.0
Source-Version: 2.6.10-2

We believe that the bug you reported is fixed in the latest version of
gtk+2.0, which is due to be installed in the Debian FTP archive:

gtk+2.0_2.6.10-2.diff.gz
  to pool/main/g/gtk+2.0/gtk+2.0_2.6.10-2.diff.gz
gtk+2.0_2.6.10-2.dsc
  to pool/main/g/gtk+2.0/gtk+2.0_2.6.10-2.dsc
gtk2-engines-pixbuf_2.6.10-2_i386.deb
  to pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.10-2_i386.deb
gtk2.0-examples_2.6.10-2_i386.deb
  to pool/main/g/gtk+2.0/gtk2.0-examples_2.6.10-2_i386.deb
libgtk2.0-0-dbg_2.6.10-2_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.10-2_i386.deb
libgtk2.0-0_2.6.10-2_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-0_2.6.10-2_i386.deb
libgtk2.0-bin_2.6.10-2_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-bin_2.6.10-2_i386.deb
libgtk2.0-common_2.6.10-2_all.deb
  to pool/main/g/gtk+2.0/libgtk2.0-common_2.6.10-2_all.deb
libgtk2.0-dev_2.6.10-2_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-dev_2.6.10-2_i386.deb
libgtk2.0-doc_2.6.10-2_all.deb
  to pool/main/g/gtk+2.0/libgtk2.0-doc_2.6.10-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 339431 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Bacher <seb128 at debian.org> (supplier of updated gtk+2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 16 Nov 2005 16:56:39 +0100
Source: gtk+2.0
Binary: libgtk2.0-dev libgtk2.0-0-dbg gtk2-engines-pixbuf libgtk2.0-0 libgtk2.0-doc gtk2.0-examples libgtk2.0-bin libgtk2.0-common
Architecture: source i386 all
Version: 2.6.10-2
Distribution: unstable
Urgency: medium
Maintainer: Sebastien Bacher <seb128 at debian.org>
Changed-By: Sebastien Bacher <seb128 at debian.org>
Description: 
 gtk2-engines-pixbuf - Pixbuf-based theme for GTK+ 2.x
 gtk2.0-examples - Examples files for the GTK+ 2.0
 libgtk2.0-0 - The GTK+ graphical user interface library
 libgtk2.0-0-dbg - The GTK+ libraries and debugging symbols
 libgtk2.0-bin - The programs for the GTK+ graphical user interface library
 libgtk2.0-common - Common files for the GTK+ graphical user interface library
 libgtk2.0-dev - Development files for the GTK+ library
 libgtk2.0-doc - Documentation for the GTK+ graphical user interface library
Closes: 309437 315083 323209 339431
Changes: 
 gtk+2.0 (2.6.10-2) unstable; urgency=medium
 .
   [ Sebastien Bacher ]
   * Patch from Ubuntu update, thanks Martin Pitt.
   * SECURITY UPDATE: Arbitrary code execution and DoS.
   * Add debian/patches/010_xpm-colors-overflow_CVE-2005-3186.patch:
     - io-xpm.c: Add check to XPM reader to prevent integer overflow for
     specially crafted number of colors (Closes: #339431).
     - CVE-2005-3186
   * Add debian/patches/011_xpm-colors-loop_CVE-2005-2975.patch:
     - io-xpm.c: Fix endless loop with specially crafted number of colors.
     - CVE-2005-2975
 .
   * debian/rules:
     - fix confusing cp usage.
 .
   [ Loic Minier ]
 .
   * Update FSF address. [debian/copyright]
   * Remove "Copyright:" line, the whole file expresses the copyright already.
     (Closes: #323209) [debian/copyright]
   * Backport patch from the 2.8 branch removing the warning introduced
     somewhere in 2.6 when length wraps in calculation in gdk_property_get.
     (Closes: #315083) [debian/patches/064_gdk-property-get-no-warning.patch]
   * Add ${misc:Depends} to all packages.
   * Remove libgtk2.0-0 dependency from libgtk2.0-common to break the circular
     dependency; cross your fingers, don't hold your breath. (Closes: #309437)
Files: 
 3563b30a4289c32184c55ba195036708 2141 libs optional gtk+2.0_2.6.10-2.dsc
 6b971feecb17c4791472aa96acdea3a3 47597 libs optional gtk+2.0_2.6.10-2.diff.gz
 7c5d80d99cae36830180239b26a493fa 3138308 misc optional libgtk2.0-common_2.6.10-2_all.deb
 af323f59755f3e06ffae3e6b13d3e3aa 2328124 doc optional libgtk2.0-doc_2.6.10-2_all.deb
 eb201ab2646f4cea2663316c08514ed2 2052200 libs optional libgtk2.0-0_2.6.10-2_i386.deb
 894a6ec816c55e5bc085d911a55afb8f 18192 misc optional libgtk2.0-bin_2.6.10-2_i386.deb
 fae0ba120610c486f2a5515eeb61f351 2208758 libdevel optional libgtk2.0-dev_2.6.10-2_i386.deb
 7f70323d835bea802bafd6096a610992 3533168 libdevel extra libgtk2.0-0-dbg_2.6.10-2_i386.deb
 4dc3b71e3311d5cffa8496d6790f924b 281144 x11 extra gtk2.0-examples_2.6.10-2_i386.deb
 2e7ece79ea1ec06a22a05de5cf3e7057 65358 graphics optional gtk2-engines-pixbuf_2.6.10-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDe2QPQxo87aLX0pIRAqNNAJ90/qfcwJjzU3NaowscTVjDY79lZwCgr1jX
1s2lgI1Zb20EQSzGlh2jTDg=
=nUeE
-----END PGP SIGNATURE-----

More information about the Pkg-gnome-maintainers mailing list