From ${URL} :
A heap overflow flaw was found in the gdk-pixbuf implementation, triggered by the scaling of a GIF file. Affected versions are < 2.32.1.
Upstream patch: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa
CVE request: http://seclists.org/oss-sec/2015/q4/5
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
I am tired of manually backporting security fixes to 2.30.8 and risking getting something wrong. So let's get the real gdk-pixbuf-2.32.1 in the tree, since it does seem to work fine with gtk+-3.16.x in my testing.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dfb62b200770993df34d207358805fba6612605
commit 1dfb62b200770993df34d207358805fba6612605
Author: Alexandre Rostovtsev <tetromino@gentoo.org>
Date:   Mon Oct 12 19:19:17 2015 -0400
    x11-libs/gdk-pixbuf: bump to 2.32.1, fixes heap overflows
    Fixes multiple heap overflows (CVE-2015-7673, CVE-2015-7674).
    Drops support for wbmp, ras, pcx formats.
    Fixes support for icns and 256x256 ico formats.
    Gentoo-Bug: 562878, 562880
    Reported-by: Agostino Sarubbo
Overflows fixed in =gdk-pixbuf-2.32.1 - please test and stabilize.
*** Bug 562880 has been marked as a duplicate of this bug. ***
Arches, please test and mark stable:
=x11-libs/gdk-pixbuf-2.32.1
Target Keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Thank you!
amd64 stable
x86 stable
Stable for HPPA PPC64.
ppc stable
Stable on alpha.
arm stable
sparc stable
ia64 stable
This issue was resolved and addressed in GLSA 201512-05 at https://security.gentoo.org/glsa/201512-05 by GLSA coordinator Yury German (BlueKnight).