Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 574382 - <xfce-base/thunar-1.6.12-r1: integer overflow
Summary: <xfce-base/thunar-1.6.12-r1: integer overflow
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks: CVE-2013-7447
  Show dependency tree
 
Reported: 2016-02-10 21:53 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2018-03-23 23:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-02-10 21:53:01 UTC 
xfce-base/thunar is vulnerable to CVE-2013-7447

See tracking bug for details.

##

kflaptop Thunar-1.6.10 # grep -r "cairo_pixels" -- *
thunar/thunar-gdk-extensions.c:  guchar          *cairo_pixels;
thunar/thunar-gdk-extensions.c:  cairo_pixels = g_malloc (height * cairo_stride);
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-05 16:36:36 UTC 
@xfce gtk+ is now fixed, could you please confirm if thunar still vulnerable?

Thank you

Gentoo Security Padawan
ChrisADR
Comment 2 Denis Dupeyron (RETIRED) gentoo-dev 2017-11-16 19:07:34 UTC 
Unfortunately latest thunar was still vulnerable. Upstream had a patch so I have applied it and pushed 1.6.12-r1.
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-17 00:10:30 UTC 
Thanks, please call for stabilization when ready.
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2018-03-23 21:17:43 UTC 
=xfce-base/thunar-1.16.13 is already stable.

@maintainers, please cleanup the vulnerable versions.

GLSA Vote: No
Comment 5 Larry the Git Cow gentoo-dev 2018-03-23 22:04:00 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f5c6695d3744e5e73e55269e5be9ecfae910d67

commit 1f5c6695d3744e5e73e55269e5be9ecfae910d67
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2018-03-23 21:59:51 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2018-03-23 22:03:50 +0000

    xfce-base/thunar: Clean old up
    
    Bug: https://bugs.gentoo.org/574382

 xfce-base/thunar/Manifest                |  2 -
 xfce-base/thunar/thunar-1.6.10-r1.ebuild | 68 ---------------------------
 xfce-base/thunar/thunar-1.6.12-r1.ebuild | 80 --------------------------------
 3 files changed, 150 deletions(-)}
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2018-03-23 23:16:28 UTC 
Thanks, Michał!