Gentoo Bug 201293 - xfce-base/xfce4-panel < 4.4.1-r2 Launcher tooltips buffer overflow (CVE-2007-6531)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	201293
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Christian Hoffmann <hoffie@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 201293 depends on:	201747		Show dependency tree
Bug 201293 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2007-12-04 22:51 0000

Upstream changelog for version 4.4.2 lists:
  # Fix possible buffer overflow in launcher tooltips [1]


[1] http://bugzilla.xfce.org/show_bug.cgi?id=3324

------- Comment #1 From Christoph Mende 2007-12-05 10:29:17 0000 -------

backported the fix to 4.4.1-r2

------- Comment #2 From Robert Buchholz 2007-12-05 22:34:07 0000 -------

Arches, please test and mark stable xfce-base/xfce4-panel-4.4.1-r2.
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"

------- Comment #3 From Christoph Mende 2007-12-05 23:04:20 0000 -------

amd64 stable

------- Comment #4 From Christian Faulhammer 2007-12-06 10:14:49 0000 -------

x86 stable

------- Comment #5 From Jeroen Roovers 2007-12-06 18:18:01 0000 -------

Stable for HPPA.

------- Comment #6 From Raúl Porcel 2007-12-07 11:06:46 0000 -------

alpha/ia64/sparc stable

------- Comment #7 From Markus Rothe 2007-12-07 14:11:40 0000 -------

ppc64 stable

------- Comment #8 From Tobias Scherbaum 2007-12-07 16:55:20 0000 -------

ppc stable

------- Comment #9 From Raúl Porcel 2007-12-08 10:48:11 0000 -------

bah, fail..

------- Comment #10 From Samuli Suominen 2007-12-09 09:07:54 0000 -------

bug 201747

------- Comment #11 From Robert Buchholz 2007-12-22 15:46:31 0000 -------

I do not see how this could be exploited. Please reopen if you disagree.

------- Comment #12 From Robert Buchholz 2007-12-22 15:48:27 0000 -------

Wrong bug for this comment, sorry.

------- Comment #13 From Robert Buchholz 2008-01-08 22:09:33 0000 -------

CVE-2007-6531 was assigned to the tooltips buffer overflow.

------- Comment #14 From Robert Buchholz 2008-01-09 23:31:23 0000 -------

GLSA 200801-06

------- Comment #15 From Peter Volkov 2008-03-06 09:57:00 0000 -------

Does not affect current (2008.0) release. Removing release.

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 201293

xfce-base/xfce4-panel < 4.4.1-r2 Launcher tooltips buffer overflow (CVE-2007-6531)

Last modified: 2008-03-06 09:57:00 0000