Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 201860 - app-emulation/emul-linux-x86-gtklibs < 20071210 Merge newer cairo (CVE-2007-5503)
Summary: app-emulation/emul-linux-x86-gtklibs < 20071210 Merge newer cairo (CVE-2007-5...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: https://rhn.redhat.com/errata/RHSA-20...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-12-10 16:31 UTC by Robert Buchholz (RETIRED)
Modified: 2008-03-06 09:57 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-12-10 16:31:55 UTC
Cairo is vulnerable to bug #200350, please merge newer 1.4.12.
Comment 1 Peter Weller (RETIRED) gentoo-dev 2007-12-11 00:29:34 UTC
Bumped. @amd64 guys: Please test and stabilize.
Comment 2 Peter Weller (RETIRED) gentoo-dev 2007-12-11 19:03:51 UTC
(So, that means version 20071210)
Comment 3 Matthias Langer 2007-12-13 16:22:13 UTC
on amd64:

at least

www-client/mozilla-firefox-bin-2.0.0.11  USE="-restrict-javascript"

seems to work fine with

app-emulation/emul-linux-x86-gtklibs-20071210  USE="-qt3"


Portage 2.1.3.19 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r3 x86_64)
=================================================================
System uname: 2.6.23-gentoo-r3 x86_64 Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Timestamp of tree: Thu, 13 Dec 2007 10:46:01 +0000
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=nocona -O2 -pipe"
DISTDIR="/var/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://gentoo.ynet.sk/pub"
LANG="en_US.utf8"
LC_ALL="en_US.utf8"
LINGUAS="en de"
MAKEOPTS="-j3"
PKGDIR="/var/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/var/portage/repos/gentoo"
PORTDIR_OVERLAY="/var/portage/repos/private"
SYNC="rsync://192.168.0.1/gentoo-portage"
USE="3dnow 3dnowext X a52 aac acpi alsa amd64 beagle berkdb bitmap-fonts bzip2 cairo caps cddb cdr cli cracklib crypt cups dbus dri dvd dvdr dvdread eds emboss encode evo exif fam ffmpeg firefox flac fortran gd gdbm gif gimp gnome gphoto2 gpm gstreamer gtk hal hddtemp iconv icu ipod ipv6 isdnlog java jpeg jpeg2k lcms ldap libnotify lm_sensors mad matroska midi mikmod mmap mmx mmxext mono mp3 mpeg mudflap musicbrainz ncurses nls nptl nptlonly nvidia ogg opengl openmp pam pcre pdf perl plotutils png pppd pulseaudio python qt3support quicktime readline reflection ruby sdl session spell spl sse sse2 ssl ssse3 svg tcpd tetex theora threads tiff truetype truetype-fonts type1-fonts unicode usb vcd vim-syntax vorbis xattr xml xorg xv xvid zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="canon konica ptp2 kodak" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LINGUAS="en de" USERLAND="GNU" VIDEO_CARDS="nvidia nv"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 4 Peter Weller (RETIRED) gentoo-dev 2007-12-13 21:44:25 UTC
Stable
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2007-12-22 13:50:29 UTC
request filed.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-01-10 23:00:20 UTC
GLSA 200712-24
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 09:57:43 UTC
Does not affect current (2008.0) release. Removing release.