Gentoo Bug 217232 - net-print/cups <1.2.12-r8 Image filter integer overflow (CVE-2008-1722)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	217232
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 217232 depends on:			Show dependency tree
Bug 217232 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-04-10 23:06 0000

CVE-2008-1722 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1722):
  Multiple integer overflows in (1) filter/image-png.c and (2)
  filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service
  (crash) and trigger memory corruption, as demonstrated via a crafted PNG
  image.

------- Comment #1 From Timo Gurr 2008-04-14 20:50:20 0000 -------

Fixed in:
 * cups-1.2.12-r8.ebuild
 * cups-1.3.7-r1.ebuild

------- Comment #2 From Robert Buchholz 2008-04-14 20:55:51 0000 -------

Arches, please test and mark stable:
=net-print/cups-1.2.12-r8
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh
sparc x86"

------- Comment #3 From Markus Rothe 2008-04-15 05:40:53 0000 -------

ppc64 stable

------- Comment #4 From Ferris McCormick 2008-04-15 13:29:50 0000 -------

Sparc stable (tested remote only, {.ps, .pdf}).

------- Comment #5 From Jeroen Roovers 2008-04-15 16:20:07 0000 -------

Stable for HPPA.

------- Comment #6 From Tobias Scherbaum 2008-04-16 17:51:38 0000 -------

ppc stable

------- Comment #7 From Tobias Klausmann 2008-04-16 19:01:31 0000 -------

Stable on alpha.

------- Comment #8 From Markus Meier 2008-04-17 00:59:22 0000 -------

amd64/x86 stable

------- Comment #9 From Matthias Geerdsen 2008-04-17 10:27:19 0000 -------

GLSA request filed

------- Comment #10 From Matthias Geerdsen 2008-04-17 11:04:20 0000 -------

This is the upstream bug for the issue: http://www.cups.org/str.php?L2790

------- Comment #11 From Raúl Porcel 2008-04-17 11:13:55 0000 -------

ia64 stable

------- Comment #12 From Matthias Geerdsen 2008-04-19 00:18:44 0000 -------

GLSA 200804-23

thanks everyone

------- Comment #13 From Peter Volkov 2008-04-21 08:06:02 0000 -------

Fixed in release snapshot.

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 217232

net-print/cups <1.2.12-r8 Image filter integer overflow (CVE-2008-1722)

Last modified: 2008-04-21 08:06:02 0000