** Changed in: gtk+2.0 (Debian)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch - avoid integer overflow when al
** Changed in: gtk+2.0 (Debian)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch - avoid integer overflow when alloc
** Branch linked: lp:~ubuntu-desktop/gtk/ubuntu
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch - avoid integer overflow when allocating a large block of
m
Thank you guys!
Hope someone from Debian maintainers will take care of it as well...
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch - avoid integer overflow
This bug was fixed in the package gtk+2.0 - 2.24.28-1ubuntu1.1
---
gtk+2.0 (2.24.28-1ubuntu1.1) wily-security; urgency=medium
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
of
This bug was fixed in the package gtk+2.0 - 2.24.10-0ubuntu6.3
---
gtk+2.0 (2.24.10-0ubuntu6.3) precise-security; urgency=low
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
of
This bug was fixed in the package gtk+2.0 - 2.24.23-0ubuntu1.4
---
gtk+2.0 (2.24.23-0ubuntu1.4) trusty-security; urgency=medium
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
This bug was fixed in the package gtk+3.0 - 3.4.2-0ubuntu0.9
---
gtk+3.0 (3.4.2-0ubuntu0.9) precise-security; urgency=medium
* SECURITY UPDATE: integer overflow via large sized image (LP: #1540811)
- debian/patches/CVE-2013-7447.patch: use g_malloc_n in
gdk_cairo_set_sourc
** Changed in: gtk+3.0 (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: gtk+3.0 (Ubuntu Wily)
Importance: Undecided => Medium
** Changed in: gtk+3.0 (Ubuntu Xenial)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Desktop
P
** Changed in: gtk+2.0 (Debian)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch - avoid integer overflow when allocating a la
** Also affects: gtk+3.0 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: gtk+3.0 (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: gtk+3.0 (Ubuntu Precise)
Status: New => Confirmed
** Changed in: gtk+3.0 (Ubuntu Precise)
Assignee: (unassigned) =>
Since this is a security update, I'll sponsor these as security updates,
and not as SRUs.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7447
** Also affects: gtk+2.0 (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: gtk+2.0 (Ubuntu Trusty)
I
This bug was fixed in the package gtk+2.0 - 2.24.29-1ubuntu2
---
gtk+2.0 (2.24.29-1ubuntu2) xenial; urgency=medium
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
of memory in
I've requested CVEs here http://www.openwall.com/lists/oss-
security/2016/02/10/2
It appears this flaw was copy-pasted to a lot of programs.
Thanks
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpa
Do you know if this issue has a CVE assigned yet? I didn't see one in
the linked bug reports but those references may not have migrated to
those sources yet.
Thanks
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Deskt
Thank you for your work. I've sponsored the xenial update (with a
modified changelog, we don't have designed maintainers/NMUs in Ubuntu,
also I tweaked the version number to not be .1 and listed the bug
reference).
Once the update gets some testing in xenial we can look at the SRUs
Note that it w
** Changed in: gtk
Status: Unknown => Fix Released
** Changed in: gtk
Importance: Unknown => Low
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch -
** Changed in: gtk+2.0 (Ubuntu)
Importance: Undecided => High
** Changed in: gtk+2.0 (Ubuntu)
Status: New => Triaged
** Bug watch added: GNOME Bug Tracker #703220
https://bugzilla.gnome.org/show_bug.cgi?id=703220
** Also affects: gtk via
https://bugzilla.gnome.org/show_bug.cgi?id
The attachment "debdiff with the fix for Precise" seems to be a debdiff.
The ubuntu-sponsors team has been subscribed to the bug report so that
they can review and hopefully sponsor the debdiff. If the attachment
isn't a patch, please remove the "patch" flag from the attachment,
remove the "patch"
** Changed in: gtk+2.0 (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch - avoid integer overflow when allocating a larg
** Attachment added: "debdiff with the fix for Wily"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561948/+files/gtk2-gdk-wily-debdiff
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubuntu.
ht
** Attachment added: "debdiff with the fix for Trusty"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561947/+files/gtk2-gdk-trusty-debdiff
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubuntu
** Attachment added: "debdiff with the fix for Xenial"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561950/+files/gtk2-gdk-xenial-debdiff
** Bug watch added: Debian Bug tracker #799275
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275
** Also affects: g
** Attachment added: "debdiff with the fix for Precise"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561946/+files/gtk2-gdk-precise-debdiff
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubun
24 matches
Mail list logo