Summary: | <app-editors/xemacs-21.4.22-r1: Multiple Image Processing Integer Overflows (CVE-2009-2688) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | xemacs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/35348/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2009-06-25 13:41:13 UTC
Fauli confirmed the issue is non-existant in emacs. Filed upstream as: http://tracker.xemacs.org/XEmacs/its/issue534 Upstream is aware of this and working on a patch. However, their viewpoint on this is that this is not really a security bug. I've just added xemacs-21.4.22-r1 to the tree which contains upstreams patch for this. Only lightly tested right now. My suggestion is to leave this in the tree for a couple of days before stablizing it. I'm not sure if upstream will do a release shortly, and there was a bit of discussion on the patch as well. Hans, have there been an regressions so far? I haven't seen problems when testing, upstream has not issues updated patches, and I don't see any activity indicating a forthcoming release, so I think we should go ahead and mark this version stable. Arches, please test and mark stable: =app-editors/xemacs-21.4.22-r1 Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86" Stable on alpha. x86 stable Stable for HPPA. amd64/sparc stable ppc stable ppc64 done GLSA request filed. CVE-2009-2688 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2688): Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. GLSA 201006-15 |