Summary: | <x11-libs/gdk-pixbuf-2.36.11: Integer overflow in io-gif.c:gif_get_lzw() can lead to memory corruption and potential code execution (CVE-2017-1000422) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ian Zimmerman <nobrowser> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome, slyfox |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.gnome.org/show_bug.cgi?id=785973 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
x11-libs/gdk-pixbuf-2.36.11 alpha amd64 arm hppa ia64 ppc ppc64 x86
|
Runtime testing required: | --- |
Description
Ian Zimmerman
2018-01-16 16:16:55 UTC
Upstream bug references commits are included in gdk-pixbuf-2.36.11 x86 stable amd64 stable Stable on alpha. Looking good on ppc. Failing builds are only due to +X +introspection needed for gtk+ deps. # cat gdk-pixbuf-644770.report USE tests started on So 21. Jan 14:51:00 CET 2018 USE='-X -introspection -jpeg -jpeg2k -tiff' failed for =x11-libs/gdk-pixbuf-2.36.11 USE='X -introspection -jpeg -jpeg2k -tiff' failed for =x11-libs/gdk-pixbuf-2.36.11 USE='X introspection -jpeg -jpeg2k -tiff' succeeded for =x11-libs/gdk-pixbuf-2.36.11 USE='-X introspection jpeg -jpeg2k -tiff' failed for =x11-libs/gdk-pixbuf-2.36.11 USE='-X -introspection -jpeg jpeg2k -tiff' failed for =x11-libs/gdk-pixbuf-2.36.11 USE='X -introspection -jpeg jpeg2k -tiff' failed for =x11-libs/gdk-pixbuf-2.36.11 USE='-X introspection -jpeg jpeg2k -tiff' failed for =x11-libs/gdk-pixbuf-2.36.11 USE='X introspection -jpeg jpeg2k -tiff' succeeded for =x11-libs/gdk-pixbuf-2.36.11 USE='X -introspection -jpeg -jpeg2k tiff' failed for =x11-libs/gdk-pixbuf-2.36.11 USE='-X -introspection jpeg -jpeg2k tiff' failed for =x11-libs/gdk-pixbuf-2.36.11 USE='X -introspection jpeg -jpeg2k tiff' failed for =x11-libs/gdk-pixbuf-2.36.11 USE='X introspection jpeg jpeg2k tiff' succeeded for =x11-libs/gdk-pixbuf-2.36.11 FEATURES= test succeeded for =x11-libs/gdk-pixbuf-2.36.11 commit 9e7f603989bcb17e86282ce69933095d6ed69bc5 Author: Rolf Eike Beer <eike@sf-mail.de> Date: Sat Feb 3 21:50:21 2018 +0100 x11-libs/gdk-pixbuf: stable 2.36.11 for hppa, bug #644770 arm stable ia64 stable ppc stable (thanks to ernsteiswuerfel) ppc64 stable. last arch done cleanup done Thanks, Leio! GLSA request filed. This issue was resolved and addressed in GLSA 201804-14 at https://security.gentoo.org/glsa/201804-14 by GLSA coordinator Aaron Bauman (b-man). |