Bug 66647

Summary: x11-libs/lesstif integer and stack overflows [DSA 560-1]
Product: Gentoo Security
Reporter: Marc Vila <marc.vila>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: lanius, richard_tan3000
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.debian.org/security/2004/dsa-560
Whiteboard: A2 [glsa] lewk
Package list:
Runtime testing required: ---

Description Marc Vila 2004-10-07 07:01:15 UTC
Chris Evans discovered several stack and integer overflows in the
libXpm library which is included in LessTif.

CVE ID         : CAN-2004-0687 CAN-2004-0688
CERT advisory  : VU#537878 VU#882750

http://www.debian.org/security/2004/dsa-560

Reproducible: Always
Comment 1 Luke Macken (RETIRED) gentoo-dev 2004-10-07 07:11:16 UTC
See also: http://www.securitytracker.com/alerts/2004/Sep/1011435.html

lanius, please bump to 0.93.96
Comment 2 Heinrich Wendel (RETIRED) gentoo-dev 2004-10-07 07:50:19 UTC
bumped to 0.93.97
Comment 3 Luke Macken (RETIRED) gentoo-dev 2004-10-07 08:08:23 UTC
even better, thanks Heinrich!

archs, please mark 0.93.97 stable.
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2004-10-07 10:40:20 UTC
sparc tasty.
Comment 5 Jeremy Huddleston (RETIRED) gentoo-dev 2004-10-07 15:01:45 UTC
stable amd64
Comment 6 Guy Martin (RETIRED) gentoo-dev 2004-10-07 16:29:54 UTC
done on hppa
Comment 7 Pieter Van den Abeele (RETIRED) gentoo-dev 2004-10-08 08:27:06 UTC
done on ppc
Comment 8 Luke Macken (RETIRED) gentoo-dev 2004-10-09 15:43:52 UTC
GLSA 200410-09

ppc64, please mark stable to benefit from this GLSA.
Comment 9 Luke Macken (RETIRED) gentoo-dev 2004-10-09 15:44:43 UTC
duh.
Comment 10 Tom Gall (RETIRED) gentoo-dev 2004-10-09 20:25:02 UTC
stable on ppc64, thanks!
Comment 11 Richard Tan <-- spammer 2004-10-11 04:38:27 UTC
[spam deleted.  awful, nasty comment about spammer deleted as well.]
Comment 12 Kurt Lieber (RETIRED) gentoo-dev 2004-10-11 05:44:59 UTC
please take your spam elsewhere.