"infamous41md" discovered a heap buffer overflow vulnerability in libgsf, a GNOME library for reading and writing structured file formats, which could lead to the execution of arbitrary code.
Additional info: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=446 Upstreams patch: http://cvs.gnome.org/viewcvs/libgsf/gsf/gsf-infile-msole.c?r1=1.73&r2=1.74 But there are also new upstream versions. Gnome team please provide new ebuilds, thanks
libgsf 1.14.2 was already in portage and since there are no open issues concerning it, I see no problem putting it up for stabilisation.
arches, please test and stable libgsf-1.14.2. thanks!
@Stefan, perhaps it is easer for arches if we actually call them ;-) Target keywords are: libgsf-1.14.2.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
x86 done
sparc stable.
ppc stable
ppc64 stable
Stable for HPPA.
amd64 stable
Alpha gives a bit of love here.
GLSA 200612-13
ia64 done