| Summary: | <x11-libs/gdk-pixbuf-2.32.1: Heap overflow when scaling a GIF file (CVE-2015-7674) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | gnome |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1268249 | | |
| Whiteboard: | A2 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 563052 | | |
| Bug Blocks: | 562880 | | |

Description
Agostino Sarubbo
2015-10-12 07:38:04 UTC
I am tired of manually backporting security fixes to 2.30.8 and risking getting something wrong. So let's get the real gdk-pixbuf-2.32.1 in the tree, since it does seem to work fine with gtk+-3.16.x in my testing.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dfb62b200770993df34d207358805fba6612605

    commit 1dfb62b200770993df34d207358805fba6612605
    Author: Alexandre Rostovtsev <tetromino@gentoo.org>
    Date:   Mon Oct 12 19:19:17 2015 -0400

        x11-libs/gdk-pixbuf: bump to 2.32.1, fixes heap overflows

        Fixes multiple heap overflows (CVE-2015-7673, CVE-2015-7674).
        Drops support for wbmp, ras, pcx formats.
        Fixes support for icns and 256x256 ico formats.

        Gentoo-Bug: 562878, 562880
        Reported-by: Agostino Sarubbo

Overflows fixed in =gdk-pixbuf-2.32.1 - please test and stabilize.

*** Bug 562880 has been marked as a duplicate of this bug. ***

Arches, please test and mark stable:
=x11-libs/gdk-pixbuf-2.32.1
Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Thank you!

amd64 stable

x86 stable

Stable for HPPA PPC64.

ppc stable

Stable on alpha.

arm stable

sparc stable

ia64 stable

This issue was resolved and addressed in GLSA 201512-05 at https://security.gentoo.org/glsa/201512-05 by GLSA coordinator Yury German (BlueKnight).