
Bug 83656

Summary: x11-libs/lesstif: new XPM lib vulnerability (CAN-2005-0605)
Product: Gentoo Security
Reporter: Thierry Carrez (RETIRED) <koon>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: normal
CC: lanius
Priority: High
Version: unspecified
Hardware: All
OS: All
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Description Flags
lesstif-CAN-2005-0605.patch none

Description Thierry Carrez (RETIRED) gentoo-dev 2005-03-01 03:04:25 UTC
With an unsigned i a buffer overflow will occur in loops
like for( i-- >= 0) { copy something }.

Original Patch can be found on bug 83598, though it might require adaptation.
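
The loop pattern from the description above, as an added example that is not part of the original bug report and is not lesstif or libXpm code. The function names, the 16-byte buffer size and the in-bounds guard are assumptions made so the behaviour can be observed without actually writing past the buffer.

```c
#include <stddef.h>
#include <stdio.h>

#define CAP 16                         /* constructed destination size */
#define WOULD_OVERFLOW ((size_t)-1)    /* sentinel: copy would exceed dst */

/* Vulnerable shape from the report. GCC's -Wtype-limits (part of -Wextra)
   flags this comparison; it is silenced here only so the example builds. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wtype-limits"
static size_t copy_vulnerable(unsigned char *dst, const unsigned char *src,
                              unsigned int n)
{
    unsigned int i = n;
    size_t written = 0;
    while (i-- >= 0) {                 /* unsigned: never false, wraps at 0 */
        if (written == CAP)            /* demo guard: stop at end of dst */
            return WOULD_OVERFLOW;
        dst[written] = src[written];
        written++;
    }
    return written;                    /* never reached */
}
#pragma GCC diagnostic pop

/* Hardened shape: reject oversized counts first, then test "> 0" so the
   wrap-around after the last byte cannot keep the loop running. */
static size_t copy_hardened(unsigned char *dst, const unsigned char *src,
                            unsigned int n)
{
    unsigned int i = n;
    size_t written = 0;
    if (n > CAP)
        return WOULD_OVERFLOW;
    while (i-- > 0) {
        dst[written] = src[written];
        written++;
    }
    return written;
}

/* Runs one variant over constructed CAP-byte buffers. */
size_t demo(int hardened, unsigned int n)
{
    unsigned char src[CAP] = {0}, dst[CAP];
    return hardened ? copy_hardened(dst, src, n) : copy_vulnerable(dst, src, n);
}

int main(void)
{
    printf("vulnerable n=4: %s\n", demo(0, 4) == WOULD_OVERFLOW ? "ran to end of buffer" : "stopped");
    printf("hardened   n=4: %zu bytes\n", demo(1, 4));
    return 0;
}
```
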
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2005-03-01 04:37:25 UTC

*** This bug has been marked as a duplicate of 83655 ***
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-03-01 04:56:10 UTC
Hey, it's not a duplicate, these are two separate packages (which usually get fixed with different timeframes) so we need two separate bugs.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-03-02 08:08:59 UTC
Created attachment 52465

Patch adapted for lesstif
Comment 4 Heinrich Wendel (RETIRED) gentoo-dev 2005-03-02 08:57:42 UTC
applied in lesstif-0.94.0-r2.ebuild, please test this one (not -r3!!!!)
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-03-02 09:25:35 UTC
Arches, please test and mark lesstif-0.94.0-r2 stable
Comment 6 Heinrich Wendel (RETIRED) gentoo-dev 2005-03-02 09:29:01 UTC
done for amd64/x86
Comment 7 Markus Rothe (RETIRED) gentoo-dev 2005-03-02 11:52:07 UTC
stable on ppc64
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-03-02 13:53:10 UTC
Stable on ppc.
Comment 9 Lina Pezzella (RETIRED) gentoo-dev 2005-03-02 15:59:26 UTC
Stable ppc-macos.
Comment 10 Gustavo Zacarias (RETIRED) gentoo-dev 2005-03-03 07:49:15 UTC
sparc stable.
Comment 11 Bryan Østergaard (RETIRED) gentoo-dev 2005-03-03 12:14:48 UTC
Alpha stable.
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-03-04 06:23:44 UTC
GLSA 200503-08
arm hppa ia64 mips: please mark stable to benefit from GLSA
Comment 13 Hardave Riar (RETIRED) gentoo-dev 2005-03-13 17:20:12 UTC
mips doesn't have any keywords in this package.
Comment 14 René Nussbaumer (RETIRED) gentoo-dev 2005-06-26 06:11:06 UTC
Already stable on hppa