Gentoo Bug 66647 - x11-libs/lesstif integer and stack overflows [DSA 560-1]

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	66647
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Marc Vila <marc.vila@gmail.com>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 66647 depends on:			Show dependency tree
Bug 66647 blocks:			Show dependency tree

Votes:	0 Show votes for this bug Vote for this bug

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2004-10-07 07:01 0000

Chris Evans discovered several stack and integer overflows in the
libXpm library which is included in LessTif.

CVE ID         : CAN-2004-0687 CAN-2004-0688
CERT advisory  : VU#537878 VU#882750

http://www.debian.org/security/2004/dsa-560

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

------- Comment #1 From Luke Macken (RETIRED) 2004-10-07 07:11:16 0000 -------

See also: http://www.securitytracker.com/alerts/2004/Sep/1011435.html

lanius, please bump to 0.93.96

------- Comment #2 From Heinrich Wendel (RETIRED) 2004-10-07 07:50:19 0000 -------

bumped to 0.93.97

------- Comment #3 From Luke Macken (RETIRED) 2004-10-07 08:08:23 0000 -------

even better, thanks Heinrich!

archs, please mark 0.93.97 stable.

------- Comment #4 From Gustavo Zacarias (RETIRED) 2004-10-07 10:40:20 0000 -------

sparc tasty.

------- Comment #5 From Jeremy Huddleston (RETIRED) 2004-10-07 15:01:45 0000 -------

stable amd64

------- Comment #6 From Guy Martin 2004-10-07 16:29:54 0000 -------

done on hppa

------- Comment #7 From Pieter Van den Abeele 2004-10-08 08:27:06 0000 -------

done on ppc

------- Comment #8 From Luke Macken (RETIRED) 2004-10-09 15:43:52 0000 -------

GLSA 200410-09

ppc64, please mark stable to benefit from this GLSA.

------- Comment #9 From Luke Macken (RETIRED) 2004-10-09 15:44:43 0000 -------

duh.

------- Comment #10 From Tom Gall 2004-10-09 20:25:02 0000 -------

stable on ppc64, thanks!

------- Comment #11 From Richard Tan <-- spammer 2004-10-11 04:38:27 0000 -------

[spam deleted.  awful, nasty comment about spammer deleted as well.]

------- Comment #12 From Kurt Lieber 2004-10-11 05:44:59 0000 -------

please take your spam elsewhere.

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 66647

x11-libs/lesstif integer and stack overflows [DSA 560-1]

Last modified: 2004-10-11 05:44:59 0000