Bug 66647 - x11-libs/lesstif integer and stack overflows [DSA 560-1]
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.debian.org/security/2004/d...
Whiteboard: A2 [glsa] lewk
Reported: 2004-10-07 07:01 UTC by Marc Vila
Modified: 2011-10-30 22:39 UTC
Description Marc Vila 2004-10-07 07:01:15 UTC
Chris Evans discovered several stack and integer overflows in the
libXpm library which is included in LessTif.

CVE ID         : CAN-2004-0687 CAN-2004-0688
CERT advisory  : VU#537878 VU#882750

http://www.debian.org/security/2004/dsa-560

Reproducible: Always
Comment 1 Luke Macken (RETIRED) gentoo-dev 2004-10-07 07:11:16 UTC
See also: http://www.securitytracker.com/alerts/2004/Sep/1011435.html

lanius, please bump to 0.93.96
Comment 2 Heinrich Wendel (RETIRED) gentoo-dev 2004-10-07 07:50:19 UTC
bumped to 0.93.97
Comment 3 Luke Macken (RETIRED) gentoo-dev 2004-10-07 08:08:23 UTC
even better, thanks Heinrich!

archs, please mark 0.93.97 stable.
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2004-10-07 10:40:20 UTC
sparc tasty.
Comment 5 Jeremy Huddleston (RETIRED) gentoo-dev 2004-10-07 15:01:45 UTC
stable amd64
Comment 6 Guy Martin (RETIRED) gentoo-dev 2004-10-07 16:29:54 UTC
done on hppa
Comment 7 Pieter Van den Abeele (RETIRED) gentoo-dev 2004-10-08 08:27:06 UTC
done on ppc
Comment 8 Luke Macken (RETIRED) gentoo-dev 2004-10-09 15:43:52 UTC
GLSA 200410-09

ppc64, please mark stable to benefit from this GLSA.
Comment 9 Luke Macken (RETIRED) gentoo-dev 2004-10-09 15:44:43 UTC
duh.
Comment 10 Tom Gall (RETIRED) gentoo-dev 2004-10-09 20:25:02 UTC
stable on ppc64, thanks!
Comment 11 Richard Tan <-- spammer 2004-10-11 04:38:27 UTC
[spam deleted.  awful, nasty comment about spammer deleted as well.]
Comment 12 Kurt Lieber (RETIRED) gentoo-dev 2004-10-11 05:44:59 UTC
please take your spam elsewhere.