Your message dated Wed, 23 Mar 2016 21:50:45 +0000
with message-id <[email protected]>
and subject line Bug#799275: fixed in gtk+2.0 2.24.30-1.1
has caused the Debian Bug report #799275,
regarding [GDK] patch - avoid integer overflow when allocating a large block of 
memory (CVE-2013-7447)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
799275: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gtk+2.0
Version: 2.24.25-3
Severity: serious
Control: tags -1 jessie patch
Control: affects -1 eom


Due to a logic error, an attempt to allocate a large block of memory
fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
that called it, for example, eom [1].

This issue had been fixed [2] in GTK+3, but the commit never made it
to GTK+2 branch. I've converted it into a patch for GTK+2.

The debdiff is in the attachment. Please apply it in Jessie.


[1] https://github.com/mate-desktop/eom/issues/93
[2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6

Attachment: gtk2-gdk-debdiff
Description: Binary data


--- End Message ---
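
An added illustration of the bug class named in the subject line (an integer overflow when sizing a large allocation); it is not the attached debdiff or GTK+ code. The function names and the 40000 x 40000 four-byte-pixel image are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked pattern: rows * stride is evaluated in 32 bits, so the byte
 * count silently wraps. uint32_t keeps the wraparound well defined. */
uint32_t naive_size(uint32_t rows, uint32_t stride)
{
    return rows * stride;
}

/* Checked pattern: refuse any product that does not fit in size_t.
 * Returns 1 and stores the byte count on success, 0 on overflow. */
int checked_size(size_t rows, size_t stride, size_t *out)
{
    if (stride != 0 && rows > SIZE_MAX / stride)
        return 0;
    *out = rows * stride;
    return 1;
}

/* Allocate a pixel buffer. NULL means the request was too large, empty,
 * or malloc failed; the caller has to handle that instead of crashing. */
unsigned char *alloc_pixels(size_t rows, size_t stride)
{
    size_t bytes;
    if (!checked_size(rows, stride, &bytes) || bytes == 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed input: 40000 rows, stride 40000 * 4 = 160000 bytes.
     * The true size is 6400000000 bytes, which exceeds 32 bits. */
    uint32_t wrapped = naive_size(40000u, 160000u);
    printf("32-bit product: %lu bytes\n", (unsigned long)wrapped);

    /* A request whose product cannot fit in size_t is rejected. */
    unsigned char *p = alloc_pixels(SIZE_MAX / 2 + 1, 2);
    printf("oversized request: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

A buffer sized from the wrapped value is far smaller than the image the caller goes on to write, which is why the multiplication has to be checked before the allocation rather than after.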
--- Begin Message ---
Source: gtk+2.0
Source-Version: 2.24.30-1.1

We believe that the bug you reported is fixed in the latest version of
gtk+2.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated gtk+2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Mar 2016 20:20:37 +0100
Source: gtk+2.0
Binary: libgtk2.0-0 libgtk2.0-0-udeb libgtk2.0-common libgtk2.0-bin 
libgtk2.0-dev libgtk2.0-0-dbg libgtk2.0-doc gtk2.0-examples gtk2-engines-pixbuf 
gir1.2-gtk-2.0 libgail18 libgail-common libgail-dev libgail-dbg libgail-doc
Architecture: source
Version: 2.24.30-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 799275
Description: 
 gir1.2-gtk-2.0 - GTK+ graphical user interface library -- gir bindings
 gtk2-engines-pixbuf - pixbuf-based theme for GTK+ 2.x
 gtk2.0-examples - example files for GTK+ 2.0
 libgail-common - GNOME Accessibility Implementation Library -- common modules
 libgail-dbg - Gail libraries and debugging symbols
 libgail-dev - GNOME Accessibility Implementation Library -- development files
 libgail-doc - documentation files of the Gail library
 libgail18  - GNOME Accessibility Implementation Library -- shared libraries
 libgtk2.0-0 - GTK+ graphical user interface library
 libgtk2.0-0-dbg - GTK+ libraries and debugging symbols
 libgtk2.0-0-udeb - GTK+ graphical user interface library - minimal runtime (udeb)
 libgtk2.0-bin - programs for the GTK+ graphical user interface library
 libgtk2.0-common - common files for the GTK+ graphical user interface library
 libgtk2.0-dev - development files for the GTK+ library
 libgtk2.0-doc - documentation for the GTK+ graphical user interface library
Changes:
 gtk+2.0 (2.24.30-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2013-7447: Integer overflow in image handling (Closes: #799275)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
