Bug 139823 - app-office/abiword 2.4.5 has been released (version bump requested)
Summary: app-office/abiword 2.4.5 has been released (version bump requested)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing
Hardware: All Linux
Importance: High enhancement
Assignee: Gentoo Security
URL:
Whiteboard: B2? [noglsa]
Keywords:
Depends on: 144120
Blocks:
Reported: 2006-07-09 15:21 UTC by Pacho Ramos
Modified: 2006-09-07 07:06 UTC

See Also:
Package list:
Runtime testing required: ---


Description Pacho Ramos gentoo-dev 2006-07-09 15:21:59 UTC
Abiword 2.4.5 has been released:
http://www.abisource.com/release-notes/2.4.5.phtml
http://www.abisource.com/changelogs/2.4.5.phtml

Thanks for updating the ebuild :-)
Comment 1 Gustavo Zacarias (RETIRED) gentoo-dev 2006-07-10 09:58:02 UTC
Revbumped, thanks for the news.
Security: The ChangeLog mentions a security bug fix "Fix a security bug that was reported to us by Joxean Koret (thanks a lot!). A stack corruption could be triggered in the toolbar code by loading a document which contained a style with an insanely long name (affects only Windows and Unix)".
It is unclear if this affects the 2.2.x branch (current stable). Please advise.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2006-08-02 07:03:44 UTC
Reassigning to security for a decision
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-02 08:21:47 UTC
Taviso or someone else, please check whether this affects 2.2.x.
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2006-08-16 23:55:47 UTC
Can we close this bug, because 2.4.5 is getting stabled?
Comment 5 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-17 00:50:32 UTC
I have really no detail on this potential issue. BTW, a stack overflow merits a GLSA... does anybody know if 2.2.x was affected, or have a link to the patch?

Additionally, I suggest removing the vulnerable 2.4.x versions (x<5) from the tree.
Comment 6 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-28 02:48:16 UTC
heya sec team, holidays have finished, please vote :)
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-29 11:18:10 UTC
I can't find any details about this issue. So given that impact is unknown I vote NO.
Comment 8 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-09-05 11:22:34 UTC
OK, so no glsa on this.

Is 2.2.x affected? AMD64 is still with 2.2.11 as the latest stable version.
Comment 9 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-09-07 07:05:56 UTC
amd64 is done now. Closing with noglsa, feel free to reopen if blabla
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-09-07 07:06:04 UTC
amd64 is done now. Closing with noglsa, feel free to reopen if blabla