Bug 156693 - gnome-extra/libgsf buffer overflow (CVE-2006-4514)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.debian.org/security/2006/d...
Whiteboard: B2 [glsa] DerCorny
Reported: 2006-11-30 09:18 UTC by Sune Kloppenborg Jeppesen
Modified: 2007-03-31 18:20 UTC
Description Sune Kloppenborg Jeppesen gentoo-dev 2006-11-30 09:18:58 UTC
"infamous41md" discovered a heap buffer overflow vulnerability in libgsf, a GNOME library for reading and writing structured file formats, which could lead to the execution of arbitrary code.
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-11-30 11:09:10 UTC
Additional info:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=446

Upstream's patch:
http://cvs.gnome.org/viewcvs/libgsf/gsf/gsf-infile-msole.c?r1=1.73&r2=1.74

But there are also new upstream versions.

Gnome team please provide new ebuilds, thanks
Comment 2 foser (RETIRED) gentoo-dev 2006-12-04 08:17:26 UTC
libgsf 1.14.2 was already in portage and since there are no open issues concerning it, I see no problem putting it up for stabilisation.
Comment 3 Stefan Cornelius (RETIRED) gentoo-dev 2006-12-04 09:09:00 UTC
arches, please test and stable libgsf-1.14.2. thanks!
Comment 4 Sune Kloppenborg Jeppesen gentoo-dev 2006-12-05 00:45:58 UTC
@Stefan, perhaps it is easier for arches if we actually call them ;-)

Target keywords are:
libgsf-1.14.2.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2006-12-05 03:25:13 UTC
x86 done
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2006-12-05 05:03:56 UTC
sparc stable.
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2006-12-05 09:20:27 UTC
ppc stable
Comment 8 Markus Rothe (RETIRED) gentoo-dev 2006-12-05 13:43:53 UTC
ppc64 stable
Comment 9 Jeroen Roovers gentoo-dev 2006-12-05 17:25:56 UTC
Stable for HPPA.
Comment 10 Olivier Crete (RETIRED) gentoo-dev 2006-12-05 17:40:38 UTC
amd64 stable
Comment 11 Fernando J. Pereda (RETIRED) gentoo-dev 2006-12-10 08:01:20 UTC
Alpha gives a bit of love here.
Comment 12 Sune Kloppenborg Jeppesen gentoo-dev 2006-12-12 14:26:35 UTC
GLSA 200612-13
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2007-03-31 18:20:46 UTC
ia64 done