Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 500124 - GLSA 201402-03 : DoS or code execution?
Summary: GLSA 201402-03 : DoS or code execution?
Status: RESOLVED WORKSFORME
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-02 18:40 UTC by Agostino Sarubbo
Modified: 2014-02-02 18:48 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-02-02 18:40:52 UTC 
The cve description says:

  Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman
  before 0.32.0, as used in X.Org server and cairo, allows context-dependent
  attackers to cause a denial of service (crash) via a negative bottom value


I make another search and I never seen any mention of code execution.
Comment 1 Sergey Popov (RETIRED) gentoo-dev 2014-02-02 18:48:09 UTC 
Additional research made by RedHat guys says that possibility of code execution exists[1], that's why GLSA mentions it.

[1] - https://rhn.redhat.com/errata/RHSA-2013-1869.html