[Bug 19702] CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

bugzilla-daemon at bugzilla.ubuntu.com
Mon Nov 21 07:32:37 UTC 2005

Please do not reply to this email.  You can add comments at
Ubuntu | gtk+2.0

------- Additional Comments From debzilla at ubuntu.com  2005-11-21 07:32 UTC -------
Message-ID: <20051121064615.GF1123 at finlandia.infodrom.north.de>
Date: Mon, 21 Nov 2005 07:46:15 +0100
From: Martin Schulze <joey at infodrom.org>
To: Loic Minier <lool at dooz.org>
Cc: Moritz Muehlenhoff <jmm at inutil.org>, 339431 at bugs.debian.org,
	team at security.debian.org
Subject: Re: Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

Loic Minier wrote:
>  Sorry for the delay.  You can grab the proposed fixes in:
>     <http://people.dooz.org/~lool/debian/gtk-gdk-cves.tgz> (87M)
>      MD5: 56148df50af6e28beaca57e4fa3bf6cc

Thanks a lot!  Packages are building already.

>  I found the vulnerability matrix by Moritz Muehlenhoff useful:
>                Woody gtk2   Woody gdk-pixbuf   Sarge gtk2   Sarge gdk-pixbuf
> CVE-2005-2975    1170         284                1170         284
> CVE-2005-2976    1317         413                ----         413
> CVE-2005-3186    1255         359                1256         359

What's the meaning of the numbers above?

I had to rebuild the woody packages since you've built them for
'stable-security' instead of 'oldstable-security', and by that
I've also used woody3 instead of woody2.1, so the version is not
needlessly prolonged.

Could you tell us as well which versions in sid fix these problems?



If you come from outside of Finland, you live in wrong country.
	-- motd of irc.funet.fi

Please always Cc to me when replying to me on the lists.

Configure bugmail: http://bugzilla.ubuntu.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.