Summary: | <x11-libs/wxGTK-2.8.10.1-r1 wxImage::Create() arbitrary code execution (CVE-2009-2369) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | wxwidgets
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://trac.wxwidgets.org/ticket/10993 | |
Whiteboard: | B2 [glsa] | |
Package list: | | Runtime testing required: | ---
Description
Stefan Behte (RETIRED)
2009-07-13 21:56:38 UTC
upstream bug: http://trac.wxwidgets.org/ticket/10993

Created attachment 198446
wxGTK-2.8.10.1-CVE-2009-2369.patch

Fixed in 2.8.10.1-r1.

Arches, please test and mark stable:
=x11-libs/wxGTK-2.8.10.1-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"

Ryan, what about the 2.6 slot? The patch applies there as well (with fuzz).

Stable on alpha.

ppc stable

oops, also fixed in 2.6.4.0-r5. alpha and ppc, can you stabilize that version as well?

x86 stable

(In reply to comment #8)
> oops, also fixed in 2.6.4.0-r5. alpha and ppc, can you stabilize that version
> as well?

Stable on alpha.

I've marked 2.6.4.0-r5 and 10.1-r1 stable for sparc. But I *think* we're really using wxGTK-2.8.10.1-r1. I guess this thing is slotted, but it is not clear from the request here what you want. Thus, I'm not removing the CC. I don't know what you are asking for. I've marked stable versions which seem to work.

Stable for HPPA.

arm/ia64/sh stable

Ferris: there are two slots. stabilize the latest version in each.

it looks like there was an 2.8.10.1-r2 ebuild added by jokey a couple days ago. i just removed it, so please ignore it if you see it. sorry for the confusion.

(In reply to comment #15)
> it looks like there was an 2.8.10.1-r2 ebuild added by jokey a couple days ago.
> i just removed it, so please ignore it if you see it. sorry for the
> confusion.

Please rebuild the manifest as well, 2.8.10.1-r2 is still in there (as of revision 1.291). And a note in the ChangeLog (which mentions the addition of -r2) about the removal and its reasons would have been nice.

ppc64 done on both

amd64 stable for both

sparc is done.

2.8.10 is good to go. ppc needs to stabilize 2.6.4.0-r5.

ppc stable

Removing ppc as it has been stabilized by nixut. Bug is ready to be fixed by security team.

B2 -> GLSA request filed.

GLSA 201009-01