Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 574378 - <media-gfx/gnome-photos-3.18.3-r1: integer overflow (CVE-2013-7447)
Summary: <media-gfx/gnome-photos-3.18.3-r1: integer overflow (CVE-2013-7447)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.gnome.org/show_bug.c...
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 579334
Blocks: CVE-2013-7447
  Show dependency tree
 
Reported: 2016-02-10 21:47 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2016-07-03 00:00 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-02-10 21:47:30 UTC 
media-gfx/gnome-photos is vulnerable to CVE-2013-7447

See tracking bug for details.

##
kflaptop gnome-photos-3.16.3 # grep -r "cairo_pixels" -- *
src/photos-print-preview.c:  guchar *cairo_pixels;
src/photos-print-preview.c:  cairo_pixels = g_malloc (height * cairo_stride);
Comment 1 Pacho Ramos gentoo-dev 2016-04-03 10:14:02 UTC 
[master ff2ed4d] media-gfx/gnome-photos: Version bump
 2 files changed, 60 insertions(+)
 create mode 100644 media-gfx/gnome-photos/gnome-photos-3.18.3.ebuild

3.18.3 fixes this
Comment 2 Pacho Ramos gentoo-dev 2016-04-09 11:01:33 UTC 
[master 352204f] media-gfx/gnome-photos: Fix dependencies (#579334 by ago)
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename media-gfx/gnome-photos/{gnome-photos-3.18.3.ebuild => gnome-photos-3.18.3-r1.ebuild} (87%)
Comment 3 Agostino Sarubbo gentoo-dev 2016-04-11 10:21:44 UTC 
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-04-11 10:41:26 UTC 
x86 stable.

Maintainer(s), please cleanup.
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2016-06-21 06:24:48 UTC 
GLSA Vote: No

@maintainer(s), can this be cleaned up yet?
Comment 6 Pacho Ramos gentoo-dev 2016-07-02 15:16:49 UTC 
old version dropped
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2016-07-03 00:00:56 UTC 
(In reply to Pacho Ramos from comment #6)
> old version dropped

Thanks, Pacho!