First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 200350
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 200350 depends on: Show dependency tree
Bug 200350 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-11-26 00:36 0000 
There's several possible integer overflows in the PNG handling code in Cairo,
at least one of which can be caused by user controlled values when opening
large images, possibly leading to a buffer overflow.

Upstream fixes are here:
http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=e49bcde27f88e21d5b8037a0089a226096f6514b

According to upstream, a 1.4.12 release is pending.
Please commit a patched bump to 1.4.10, or 1.4.12 as soon as it's out.

------- Comment #1 From Doug Goldstein 2007-11-29 19:39:29 0000 ------- 
Ebuild is in the tree

------- Comment #2 From Robert Buchholz 2007-11-29 20:21:35 0000 ------- 
Public per $URL.

------- Comment #3 From Robert Buchholz 2007-11-29 20:26:49 0000 ------- 
Arches, please test and mark stable x11-libs/cairo-1.4.12.
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"

I assume 1.5.2 is also affected? If so, there hopefully is a ported fix the
development branch.

------- Comment #4 From Christian Faulhammer 2007-11-30 13:07:24 0000 ------- 
x86 stable

------- Comment #5 From Markus Rothe 2007-11-30 13:32:39 0000 ------- 
ppc64 stable

------- Comment #6 From Jeroen Roovers 2007-11-30 14:09:59 0000 ------- 
Stable for HPPA.

------- Comment #7 From Steve Dibb 2007-11-30 20:29:06 0000 ------- 
amd64 stable

------- Comment #8 From Tobias Scherbaum 2007-11-30 22:40:40 0000 ------- 
ppc stable

------- Comment #9 From Ewgenij Starostin 2007-12-01 01:55:18 0000 ------- 
(In reply to comment #3)
> I assume 1.5.2 is also affected? If so, there hopefully is a ported fix the
> development branch.
The fixes from the two diffs are already in 1.5.2, except those relating to
pixman.

------- Comment #10 From Raúl Porcel 2007-12-04 12:28:31 0000 ------- 
alpha/ia64/sparc stable

------- Comment #11 From Robert Buchholz 2007-12-04 23:42:36 0000 ------- 
*** Bug 201298 has been marked as a duplicate of this bug. ***

------- Comment #12 From Robert Buchholz 2007-12-04 23:44:22 0000 ------- 
glsa request filed

------- Comment #13 From Robert Buchholz 2007-12-05 01:23:42 0000 ------- 
true, for the 1.5 master the changes were introduced long time ago:
http://gitweb.freedesktop.org/?p=cairo;a=commit;h=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360

------- Comment #14 From Pierre-Yves Rofes 2007-12-09 21:04:03 0000 ------- 
GLSA 200712-04

------- Comment #15 From Peter Volkov 2008-03-06 09:51:57 0000 ------- 
Does not affect current (2008.0) release. Removing release.
First Last Prev Next    No search results available      Search page      Enter new bug