Summary: | xfce-base/libxfce4util < 4.4.1-r1 Buffer overflow | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christian Hoffmann (RETIRED) <hoffie> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | xfce |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.xfce.org/documentation/changelogs/4.4.2 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 201747 | ||
Bug Blocks: |
Description
Christian Hoffmann (RETIRED)
2007-12-04 22:31:29 UTC
backported the fix to 4.4.1-r1 Arches, please test and mark stable xfce-base/libxfce4util-4.4.1-r1. Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86" amd64 stable x86 stable alpha/ia64/sparc stable Stable for HPPA. ppc64 stable ppc stable request filed, but we'll probably group all the xfce stuff into one glsa. This is an off-by-one read operation on a stack-based buffer in the xfce_mkdirhier() function, reported by Vegard Nossum. http://thread.gmane.org/gmane.comp.desktop.xfce.devel.version4/14349 I do not see how this could be exploited. Please reopen if you disagree. Does not affect current (2008.0) release. Removing release. |