Bug#: 83598
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Attachment: xpm-sec10.diff (patch, 1.38 KB), created by Sune Kloppenborg Jeppesen, 2005-02-28 13:17 0000
Description:   Opened: 2005-02-28 13:16 0000
With an unsigned i a buffer overflow will occur in loops
like for( i-- >= 0) { copy something }.
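
The loop shape named in the description, as an added example that is not taken from scan.c, create.c or xpm-sec10.diff: the function names and sample buffer are hypothetical, and the corrected loop is one common fix, not necessarily the one in the attached patch. The first function carries a demo-only guard so it reports the wrapped index instead of writing out of bounds.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Loop shape from the report, with an unsigned counter. `i-- >= 0` can never
 * be false for an unsigned i (GCC's -Wtype-limits flags it), so after index 0
 * the counter wraps to UINT_MAX. A demo-only guard records that index and
 * stops instead of writing out of bounds. Returns the in-bounds copy count. */
static unsigned copy_unsigned_counter(char *dst, const char *src,
                                      unsigned n, unsigned *bad_index)
{
    unsigned i = n, copied = 0;

    while (i-- >= 0) {
        if (i >= n) {          /* guard added for this demo only */
            *bad_index = i;
            break;
        }
        dst[i] = src[i];
        copied++;
    }
    return copied;
}

/* One common correction: test `> 0` before the decrement, so the body only
 * ever sees n-1 .. 0 and the wrapped value is never used as an index. */
static unsigned copy_bounded(char *dst, const char *src, unsigned n)
{
    unsigned i = n, copied = 0;

    while (i-- > 0) {
        dst[i] = src[i];
        copied++;
    }
    return copied;
}

int main(void)
{
    const char src[4] = { 'a', 'b', 'c', 'd' };   /* constructed sample data */
    char dst[4] = { 0 };
    unsigned bad = 0;
    unsigned ok = copy_unsigned_counter(dst, src, 4, &bad);

    printf("unsigned counter: %u copies, then index %u\n", ok, bad);
    printf("bounded loop: %u copies\n", copy_bounded(dst, src, 4));
    return 0;
}
```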

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-02-28 13:17:36 0000 -------
Created an attachment (id=52321)
xpm-sec10.diff

------- Comment #2 From Donnie Berkholz 2005-03-01 08:13:54 0000 -------
Yeah, I know. =\ Have you checked whether that patch applies cleanly to our
stuff?

------- Comment #3 From Sune Kloppenborg Jeppesen 2005-03-01 08:39:24 0000 -------
No, I haven't checked and don't think koon has either.

------- Comment #4 From Thierry Carrez (RETIRED) 2005-03-02 08:52:12 0000 -------
Patch applies cleanly to 6.8.0 with :

$ cd xc/extras/Xpm/lib/
$ patch -p0 < ~/xpm-sec10.diff
patching file scan.c
patching file create.c

------- Comment #5 From Thierry Carrez (RETIRED) 2005-03-03 02:49:00 0000 -------
Donnie: what's your timeframe on this ? I would like to know if I let the
OpenMotif/LessTif advisories out or (if you're close) wait for Xorg to be ready
and issue one for all...

------- Comment #6 From Donnie Berkholz 2005-03-03 12:57:14 0000 -------
I can do it this weekend, hopefully tomorrow sometime, but not today.

------- Comment #7 From Donnie Berkholz 2005-03-05 11:07:23 0000 -------
6.8.0-r5 and 6.8.2-r1 are in portage with the fix.

Arches that need to stable 6.8.2-r1:
ppc ppc64

Arches that need to stable 6.8.0-r5 or (at their option) 6.8.2-r1 instead:
everyone else -- x86 sparc alpha amd64 hppa arm mips ia64

The 6.7.0 series is not going to be fixed and will be pulled from portage, as will 6.8.0-r{3,4}, once the above is stable.

------- Comment #8 From Thierry Carrez (RETIRED) 2005-03-06 02:03:16 0000 -------
Arches, please mark stable, following comment #7

------- Comment #9 From Michael Hanselmann (hansmi) (RETIRED) 2005-03-06 04:05:39 0000 -------
6.8.2-r1 is stable on ppc.

------- Comment #10 From Markus Rothe 2005-03-06 09:53:43 0000 -------
stable on ppc64

------- Comment #11 From Danny van Dyk (RETIRED) 2005-03-06 10:58:02 0000 -------
Stable on amd64.

------- Comment #12 From Bryan Østergaard (RETIRED) 2005-03-07 15:35:34 0000 -------
Stable on alpha.

------- Comment #13 From Stephen Becker (RETIRED) 2005-03-09 06:02:09 0000 -------
mips good

------- Comment #14 From Sune Kloppenborg Jeppesen 2005-03-09 13:10:07 0000 -------
x86, sparc, amd64 please mark stable.

------- Comment #15 From Sune Kloppenborg Jeppesen 2005-03-09 13:12:59 0000 -------
woops, sorry kugelfang.

------- Comment #16 From Ferris McCormick 2005-03-10 14:30:54 0000 -------
6.8.2-r1 is stable for sparc.

------- Comment #17 From Donnie Berkholz 2005-03-10 19:22:29 0000 -------
Stabled 6.8.0-r5 on x86.

------- Comment #18 From Luke Macken (RETIRED) 2005-03-12 10:37:21 0000 -------
GLSA 200503-15

arm/hppa/ia64, please mark stable to benefit from GLSA.

------- Comment #19 From René Nussbaumer 2005-06-26 06:02:04 0000 -------
Already stable on hppa
