** Changed in: gtk+2.0 (Debian)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch - avoid integer
** Changed in: gtk+2.0 (Debian)
Status: Confirmed => Fix Committed
--
** Branch linked: lp:~ubuntu-desktop/gtk/ubuntu
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch - avoid integer overflow when allocating a large
This bug was fixed in the package gtk+2.0 - 2.24.28-1ubuntu1.1
---
gtk+2.0 (2.24.28-1ubuntu1.1) wily-security; urgency=medium
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
This bug was fixed in the package gtk+2.0 - 2.24.10-0ubuntu6.3
---
gtk+2.0 (2.24.10-0ubuntu6.3) precise-security; urgency=low
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
This bug was fixed in the package gtk+2.0 - 2.24.23-0ubuntu1.4
---
gtk+2.0 (2.24.23-0ubuntu1.4) trusty-security; urgency=medium
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
This bug was fixed in the package gtk+3.0 - 3.4.2-0ubuntu0.9
---
gtk+3.0 (3.4.2-0ubuntu0.9) precise-security; urgency=medium
* SECURITY UPDATE: integer overflow via large sized image (LP: #1540811)
- debian/patches/CVE-2013-7447.patch: use g_malloc_n in
** Changed in: gtk+3.0 (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: gtk+3.0 (Ubuntu Wily)
Importance: Undecided => Medium
** Changed in: gtk+3.0 (Ubuntu Xenial)
Importance: Undecided => Medium
--
Since this is a security update, I'll sponsor these as security updates,
and not as SRUs.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-7447
** Also affects: gtk+2.0 (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: gtk+2.0 (Ubuntu Trusty)
** Changed in: gtk+2.0 (Debian)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch - avoid integer overflow when
** Also affects: gtk+3.0 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: gtk+3.0 (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: gtk+3.0 (Ubuntu Precise)
Status: New => Confirmed
** Changed in: gtk+3.0 (Ubuntu Precise)
Assignee: (unassigned) =>
This bug was fixed in the package gtk+2.0 - 2.24.29-1ubuntu2
---
gtk+2.0 (2.24.29-1ubuntu2) xenial; urgency=medium
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
of memory in
I've requested CVEs here http://www.openwall.com/lists/oss-security/2016/02/10/2
It appears this flaw was copy-pasted to a lot of programs.
Thanks
--
Thank you for your work. I've sponsored the xenial update (with a
modified changelog, we don't have designed maintainers/NMUs in Ubuntu,
also I tweaked the version number to not be .1 and listed the bug
reference).
Once the update gets some testing in xenial we can look at the SRUs
Note that it
Do you know if this issue has a CVE assigned yet? I didn't see one in
the linked bug reports but those references may not have migrated to
those sources yet.
Thanks
** Information type changed from Public to Public Security
--
** Changed in: gtk+2.0 (Ubuntu)
Importance: Undecided => High
** Changed in: gtk+2.0 (Ubuntu)
Status: New => Triaged
** Bug watch added: GNOME Bug Tracker #703220
https://bugzilla.gnome.org/show_bug.cgi?id=703220
** Also affects: gtk via
** Changed in: gtk
Status: Unknown => Fix Released
** Changed in: gtk
Importance: Unknown => Low
--
** Attachment added: "debdiff with the fix for Xenial"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561950/+files/gtk2-gdk-xenial-debdiff
** Bug watch added: Debian Bug tracker #799275
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275
** Also affects:
** Attachment added: "debdiff with the fix for Trusty"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561947/+files/gtk2-gdk-trusty-debdiff
--
** Attachment added: "debdiff with the fix for Precise"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561946/+files/gtk2-gdk-precise-debdiff
--
** Attachment added: "debdiff with the fix for Wily"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561948/+files/gtk2-gdk-wily-debdiff
--
** Changed in: gtk+2.0 (Debian)
Status: Unknown => New
--
The attachment "debdiff with the fix for Precise" seems to be a debdiff.
The ubuntu-sponsors team has been subscribed to the bug report so that
they can review and hopefully sponsor the debdiff. If the attachment
isn't a patch, please remove the "patch" flag from the attachment,
remove the