Your message dated Fri, 25 Mar 2016 11:17:08 +0000
with message-id <[email protected]>
and subject line Bug#799275: fixed in gtk+2.0 2.24.25-3+deb8u1
has caused the Debian Bug report #799275,
regarding [GDK] patch - avoid integer overflow when allocating a large block of
memory (CVE-2013-7447)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
799275: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gtk+2.0
Version: 2.24.25-3
Severity: serious
Control: tags -1 jessie patch
Control: affects -1 eom
Due to a logic error, an attempt to allocate a large block of memory
fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
that called it, for example, eom [1].
This issue had been fixed [2] in GTK+3, but the commit never made it
to GTK+2 branch. I've converted it into a patch for GTK+2.
The debdiff is in the attachment. Please apply it in Jessie.
[1] https://github.com/mate-desktop/eom/issues/93
[2]
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
gtk2-gdk-debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
Source: gtk+2.0
Source-Version: 2.24.25-3+deb8u1
We believe that the bug you reported is fixed in the latest version of
gtk+2.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated gtk+2.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 17 Mar 2016 00:17:18 +0100
Source: gtk+2.0
Binary: libgtk2.0-0 libgtk2.0-0-udeb libgtk2.0-common libgtk2.0-bin
libgtk2.0-dev libgtk2.0-0-dbg libgtk2.0-doc gtk2.0-examples gtk2-engines-pixbuf
gir1.2-gtk-2.0 libgail18 libgail-common libgail-dev libgail-dbg libgail-doc
Architecture: source all amd64
Version: 2.24.25-3+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian GNOME Maintainers
<[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Description:
gir1.2-gtk-2.0 - GTK+ graphical user interface library -- gir bindings
gtk2-engines-pixbuf - pixbuf-based theme for GTK+ 2.x
gtk2.0-examples - example files for GTK+ 2.0
libgail-common - GNOME Accessibility Implementation Library -- common modules
libgail-dbg - Gail libraries and debugging symbols
libgail-dev - GNOME Accessibility Implementation Library -- development files
libgail-doc - documentation files of the Gail library
libgail18 - GNOME Accessibility Implementation Library -- shared libraries
libgtk2.0-0 - GTK+ graphical user interface library
libgtk2.0-0-dbg - GTK+ libraries and debugging symbols
libgtk2.0-0-udeb - GTK+ graphical user interface library - minimal runtime
(udeb)
libgtk2.0-bin - programs for the GTK+ graphical user interface library
libgtk2.0-common - common files for the GTK+ graphical user interface library
libgtk2.0-dev - development files for the GTK+ library
libgtk2.0-doc - documentation for the GTK+ graphical user interface library
Closes: 799275
Changes:
gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium
.
* CVE-2013-7447 (Closes: #799275)
Checksums-Sha1:
16645ece062912029550a7c668ba1e8a47b53537 3699 gtk+2.0_2.24.25-3+deb8u1.dsc
48086f8456696ba1e5b579948be28191108c271d 91480
gtk+2.0_2.24.25-3+deb8u1.debian.tar.xz
6d757f829918c71705c74d15afe848481f1d13c3 3185238
libgtk2.0-common_2.24.25-3+deb8u1_all.deb
bb61f757b8a5897ac5017202cdb72586634a12ea 2836134
libgtk2.0-doc_2.24.25-3+deb8u1_all.deb
b9cec5869b7fabd14f5cc07050360029af930019 539500
libgail-doc_2.24.25-3+deb8u1_all.deb
9fb99402ff3823c8874a24bd2c2dd4e95ba96077 2306034
libgtk2.0-0_2.24.25-3+deb8u1_amd64.deb
a12d1000e23164b3553fa70650fb23fa44627ecf 1684274
libgtk2.0-0-udeb_2.24.25-3+deb8u1_amd64.udeb
34b0d2ee5d2482a359b0a7cdce09f7eedfab39eb 534344
libgtk2.0-bin_2.24.25-3+deb8u1_amd64.deb
f2dd732d36896bbb2757ef46bf3a6f99eebe1113 3126956
libgtk2.0-dev_2.24.25-3+deb8u1_amd64.deb
e80479f5e47d2dcdf65a4d9ef8a8c8abd9f58c09 5104816
libgtk2.0-0-dbg_2.24.25-3+deb8u1_amd64.deb
93b2faf8ab0aa69a9051c7ad8cc445c1721fdd22 773408
gtk2.0-examples_2.24.25-3+deb8u1_amd64.deb
075dd392334348f7c4f2ddfa932c20eeb7be2835 543836
gtk2-engines-pixbuf_2.24.25-3+deb8u1_amd64.deb
36a9c3799de0ef3a6f8a831ee385ce6c51aed03c 696226
gir1.2-gtk-2.0_2.24.25-3+deb8u1_amd64.deb
32e5473b840c21792add4b46b6991280429ac4d3 539094
libgail18_2.24.25-3+deb8u1_amd64.deb
ff8d7b36d12f31d540ea4389dbb2934a2c097c07 637226
libgail-common_2.24.25-3+deb8u1_amd64.deb
f9a79e26fa173a696b932a9e16d34a7e45fc4251 539250
libgail-dev_2.24.25-3+deb8u1_amd64.deb
5dc84b3e10024a65d5a87d103f6a838a5ae854ab 969920
libgail-dbg_2.24.25-3+deb8u1_amd64.deb
Checksums-Sha256:
d641410a476fb70739d56d0a2be9aa8afdf8a798592badb37ea51ce621b25eee 3699
gtk+2.0_2.24.25-3+deb8u1.dsc
3c205a052efd9b18fc92c596208141f77e76e9356edc85406db1e1c57d666531 91480
gtk+2.0_2.24.25-3+deb8u1.debian.tar.xz
e477db0af9bef41f7562b6e14db51232bb3716023d60b0c641292b6b195ff5e6 3185238
libgtk2.0-common_2.24.25-3+deb8u1_all.deb
cc6ced93c0ab1019bda8c76612b8629ac842aadaebae25f29ad5fd0aabd09faa 2836134
libgtk2.0-doc_2.24.25-3+deb8u1_all.deb
f9959b2a75d0bbde9c9a791999e82b4c35390fbeba0422b1102e3d9dae08f74d 539500
libgail-doc_2.24.25-3+deb8u1_all.deb
359cbe468f827bbe4618e87da36f965ec038af62387e05c061f92e55ca2ba1b5 2306034
libgtk2.0-0_2.24.25-3+deb8u1_amd64.deb
fe66bb4697a53edbed9d06082b7ba7447c5b0162264484b57d67ea859c39a69e 1684274
libgtk2.0-0-udeb_2.24.25-3+deb8u1_amd64.udeb
175bd73f6cfec467c17e0b2f5f91ffb19a74d6615a0513ade932b63fe32b3e49 534344
libgtk2.0-bin_2.24.25-3+deb8u1_amd64.deb
3ae18e7d0ada64f47bba92d71ed69e5398a69a205ab7a72613a367995581c7c9 3126956
libgtk2.0-dev_2.24.25-3+deb8u1_amd64.deb
96a130e697df8e094f60ac7f00f1e7de401657955897b205d4d717aff95cc8e3 5104816
libgtk2.0-0-dbg_2.24.25-3+deb8u1_amd64.deb
5fddeb91f62ee59b8b64c2c341daec0ddcafe893d853ecddb534877735a210f3 773408
gtk2.0-examples_2.24.25-3+deb8u1_amd64.deb
fc9677499cae621db5427aa030a63e36cc6fae05b10359b60e1e8626251fec29 543836
gtk2-engines-pixbuf_2.24.25-3+deb8u1_amd64.deb
064f741c9021be98600fb8559881854eeeb20c0084a7847320c0c4292a86ed00 696226
gir1.2-gtk-2.0_2.24.25-3+deb8u1_amd64.deb
95a179e5e0d8b1b441c28ab0ff619066c56811a30ce8792fdbc1d604246b5745 539094
libgail18_2.24.25-3+deb8u1_amd64.deb
e9da913881514a793d0ce9eb322abb981992f31e54a5071c5c960df0f8b057b3 637226
libgail-common_2.24.25-3+deb8u1_amd64.deb
32fd7fecd48cd239d0755e90b9a957821bd3bb3fd121beac7ec1486e163f7fc8 539250
libgail-dev_2.24.25-3+deb8u1_amd64.deb
0b5cc43b356b360469c96e24f375e98c6cbafc7b621939b1419bded57d3d42ad 969920
libgail-dbg_2.24.25-3+deb8u1_amd64.deb
Files:
68c1e06efd09f72040fbdb7db4fd9a5f 3699 libs optional
gtk+2.0_2.24.25-3+deb8u1.dsc
30fb10e830f8507fd3097f287edb779e 91480 libs optional
gtk+2.0_2.24.25-3+deb8u1.debian.tar.xz
37eca1c7503934fda0a530359af1f111 3185238 misc optional
libgtk2.0-common_2.24.25-3+deb8u1_all.deb
6f080a25d1d864e163632d7982b1c621 2836134 doc optional
libgtk2.0-doc_2.24.25-3+deb8u1_all.deb
be1cb9e86bf62113630dda769cdb8e30 539500 doc optional
libgail-doc_2.24.25-3+deb8u1_all.deb
c5198beab4b5df81873b7fb503712e09 2306034 libs optional
libgtk2.0-0_2.24.25-3+deb8u1_amd64.deb
18701953e43f5d032c159f2e38923d25 1684274 debian-installer extra
libgtk2.0-0-udeb_2.24.25-3+deb8u1_amd64.udeb
7e22d2079fb25114ccdc8c9c76b72e6a 534344 misc optional
libgtk2.0-bin_2.24.25-3+deb8u1_amd64.deb
7a9e49d327daac2b79089d3482f0daba 3126956 libdevel optional
libgtk2.0-dev_2.24.25-3+deb8u1_amd64.deb
25c63c346060b7e46ca28efaccc4157a 5104816 debug extra
libgtk2.0-0-dbg_2.24.25-3+deb8u1_amd64.deb
2d6dfd639556aa87ac0f44bc54930a58 773408 x11 extra
gtk2.0-examples_2.24.25-3+deb8u1_amd64.deb
a747795a365705fd6b8853ec723b6841 543836 graphics optional
gtk2-engines-pixbuf_2.24.25-3+deb8u1_amd64.deb
2633734a1070a7897bcfd987bb3a4012 696226 introspection optional
gir1.2-gtk-2.0_2.24.25-3+deb8u1_amd64.deb
ff74bf6b1e028b11d180866cb2ab54ae 539094 libs optional
libgail18_2.24.25-3+deb8u1_amd64.deb
a6bbaedbd70a840c6e70a04748582011 637226 libs optional
libgail-common_2.24.25-3+deb8u1_amd64.deb
ef88679af3c63c353b1aa2106f4527c4 539250 libdevel optional
libgail-dev_2.24.25-3+deb8u1_amd64.deb
7ac3ee568ac49611d3a3c3e829b03608 969920 debug extra
libgail-dbg_2.24.25-3+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJW9FldAAoJEBDCk7bDfE42GvsP/2RVZcgIwkuKQQ2Yf3NpdKIb
jmwU9jsMgcBFf8Af/TNS/TRS8HMoiUxE1FXoq3E36GiC7rxiEq2ySaXGAtVaDxHo
tingc24r04felNfmSCDmtkgyHvqPyUVQ6eKHQtTTbvRBkz1HcXJeE0jgggI6Ezlc
NjeGApT/16VqnEubipHAjWOxOoHqfSaab1e5R+GMl350tgexxaSv+dal4c2ecHiD
Eg5sx8XZS6R9MACUgj0tYyoUBjZK+xoZVmxV78hySBJepbPr1szyUtrf5RaMuSGk
lOSxVw3dZSB6XZPUZjaLSJl14VodJF9/rgK6hIbqzJFTtkf7CNNIIqdldUq86OOA
LhlIZin9UfT5S1JD4oNdITT4GBZplR3YYasyJPqAVS/LD9TEEfkx6eu2rT1HEMt5
rs+8BKWwvmOMGnU920pgZzKrvP2c1gpaKN2TUEUjmyqvnipgdIP1AYwPwZS6pff9
FYFSFw+DMY3ZFffBIfTWtxsnVWbitBnIKb0gvk/V5AassNbqOx1hkOdKz90747li
JfG7mK/YnuxnDp5ExvoAasBxR/MNqPiK2jZj/0b4fD1V9AUzP/X1FxCVg5+YOQJc
FqJcNw65v/nRVT/a0qMIH1hKi8wnZbOm+k0Xx0YIZR9ZezVgmnhA+PccJeei4QrB
ek8fquNQqapCUOUJjRHS
=vq0m
-----END PGP SIGNATURE-----
--- End Message ---
