Summary: | kde-base/kdelibs PCX Image Buffer Overflow Vulnerability
---|---
Product: | Gentoo Security
Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
CC: | cryos, kde
Priority: | High
Version: | unspecified
Hardware: | All
OS: | All
URL: | http://www.kde.org/info/security/advisory-20050421-1.txt
Whiteboard: | B2 [glsa] jaervosz
Package list: |
Runtime testing required: | ---
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-04-12 07:56:08 UTC
kde please advise.

Created attachment 56163
xv.pdf (Bugtraq email by Bruno Rohee)
Once again this is a general media-gfx/xv issue. According to Dirk Mueller
(kde.org) there are still issues neither covered by the bug report nor the
Secunia/Suse advisories.

Carlo: what does the kdelibs PCX loading thing have to do with XV vulnerabilities? It shares the same code?

Turns out that it has nothing to do with the xv code, though the problem is similar.

kde will you wait for upstream to release a fixed version or patch the current ebuild?

Upstream will officially release a patch really soon. It just looks like we don't get a patch for KDE 3.2.3. Does anyone volunteer?

Grabbed the 3.2 branch stuff, which seems to be fixed, patch in the works.

Marcus: cc'ing you in advance, doesn't harm if the patch is inspected by a few more than my two eyes.

Well, just did it. Herds: As this commit fixes Bug 81110, too, please take the chance and mark net-dns/libidn-0.5.13 stable before, if you haven't already.
<<< kdelibs-3.2.3-r8.ebuild
<<< kdelibs-3.2.3-r9.ebuild

Thanks. You meant
<<< kdelibs-3.3.2-r8.ebuild
<<< kdelibs-3.2.3-r9.ebuild
right?

According to the Changelog it is both the 3.2.x and 3.3.x series:
kdelibs-3.2.3-r9
kdelibs-3.3.2-r8
Arches please test and mark stable.

Um, right. The ebuilds looked too similar. :|

Pylon already marked them stable. Removing ppc@g.o from CC.

sparc stable.

Stable on alpha and ia64.

stable on ppc64

GLSA 200504-22
hppa, mips remember to mark stable to benefit from GLSA.

The issued patch broke reading of .rgb files (which were not supported by KDE 3.2), so
<<< files/digest-kdelibs-3.3.2-r9
Herds, please...

stable on ppc64

Stable on ppc.

stable on amd64

Stable on alpha + ia64.

Stable on hppa.

SPARC'd

Closing again. mips please remember to mark stable.

Stable on mips.