Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-21 Thread Martin Schulze
Loic Minier wrote: > On Mon, Nov 21, 2005, Martin Schulze wrote: > > > I found the vulnerability matrix by Moritz Muehlenhoff useful: > > >Woody gtk2 Woody gdk-pixbuf Sarge gtk2 Sarge > > > gdk-pixbuf > > > CVE-2005-29751170 2841170 284 >

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-20 Thread Loic Minier
On Mon, Nov 21, 2005, Martin Schulze wrote: > > I found the vulnerability matrix by Moritz Muehlenhoff useful: > >Woody gtk2 Woody gdk-pixbuf Sarge gtk2 Sarge gdk-pixbuf > > CVE-2005-29751170 2841170 284 > > CVE-2005-29761317 41

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-20 Thread Martin Schulze
Loic Minier wrote: > Sorry for the delay. You can grab the proposed fixes in: > (87M) > MD5: 56148df50af6e28beaca57e4fa3bf6cc Thanks a lot! Packages are building already. > I found the vulnerability matrix by Moritz Muehlenhoff u

Processed: Re: Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-20 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: > tags 339431 + pending patch Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code Tags were: fixed-in-experimental patch security Tags added: pending, patch > thanks Stopping processing here. Please contact me if you need

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-20 Thread Loic Minier
tags 339431 + pending patch thanks Hi, Sorry for the delay. You can grab the proposed fixes in: (87M) MD5: 56148df50af6e28beaca57e4fa3bf6cc I found the vulnerability matrix by Moritz Muehlenhoff useful: Woo

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-16 Thread Moritz Muehlenhoff
Loic Minier wrote: > The Redhat security advisory also fixes CVE-2005-2975, for which I see > no entry in the Debian changelog, could you please investifate on this > id and report whether gtk1 and gtk2 are affected for Debian? The vulnerability matrix for Woody and Sarge (the entries are the l

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-16 Thread Moritz Muehlenhoff
Loic Minier wrote: > > An integer overflow in gdk-pixbuf's XPM rendering code can be exploited > > to overwrite the heap and exploit arbitrary code through crafted images. > > Please see > > www.idefense.com/application/poi/display?id=339&type=vulnerabilities > > for more details. > > Did you id

Processed: Re: Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-16 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: > clone 339431 -1 Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code Bug 339431 cloned as bug 339458. > reassign -1 gdk-pixbuf Bug#339458: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code Bug reassigned from

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-16 Thread Steve Kemp
On Wed, Nov 16, 2005 at 02:05:11PM +0100, Loic Minier wrote: > Security team, did you start work on CVE-2005-3186 and CVE-2005-2975, > CVE-2005-2976 (not described in this report)? Ubuntu has released some > packages which might help . > Do you need the Gt

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-16 Thread Loic Minier
clone 339431 -1 reassign -1 gdk-pixbuf thanks Hi, I believe gdk-pixbuf is affected as well. I suppose you can grab useful patches from the Ubuntu security fixes: Cheers, -- Loïc Minier <[EMAIL PROTECTED]> "What do we want? BRAINS!When

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-16 Thread Loic Minier
Security team, did you start work on CVE-2005-3186 and CVE-2005-2975, CVE-2005-2976 (not described in this report)? Ubuntu has released some packages which might help . Do you need the Gtk maintainers to prepare an upload for stable? Uploads are being pre

Processed: Re: Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-16 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: > tags 339431 + patch Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code Tags were: security Tags added: patch > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system ad

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-16 Thread Loic Minier
tags 339431 + patch thanks On Wed, Nov 16, 2005, Moritz Muehlenhoff wrote: > An integer overflow in gdk-pixbuf's XPM rendering code can be exploited > to overwrite the heap and exploit arbitrary code through crafted images. > Please see > www.idefense.com/application/poi/display?id=339&type=vulne

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-16 Thread Moritz Muehlenhoff
Package: gtk+2.0 Severity: grave Tags: security Justification: user security hole An integer overflow in gdk-pixbuf's XPM rendering code can be exploited to overwrite the heap and exploit arbitrary code through crafted images. Please see www.idefense.com/application/poi/display?id=339&type=vulnera