Bug 493292 (CVE-2013-6425) - <x11-libs/pixman-0.32.4 : integer underflow when handling trapezoids (CVE-2013-6425)
Status: RESOLVED FIXED
Alias: CVE-2013-6425
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A2 [glsa]
Reported: 2013-12-04 10:08 UTC by Agostino Sarubbo
Modified: 2014-02-02 18:32 UTC

Description Agostino Sarubbo gentoo-dev 2013-12-04 10:08:07 UTC
From ${URL} :

An integer underflow flaw was found in pixman when handling trapezoids. If an application using pixman opened a crafted document, it could cause the application to crash.

References:
http://seclists.org/oss-sec/2013/q4/399
https://bugs.freedesktop.org/show_bug.cgi?id=67484
https://bugs.freedesktop.org/attachment.cgi?id=87925


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev Security 2013-12-04 17:19:30 UTC
Arches, please test and mark stable:

=x11-libs/pixman-0.32.4

Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 2 Jeroen Roovers gentoo-dev 2013-12-05 13:28:49 UTC
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2013-12-06 20:40:18 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-12-06 20:42:18 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-12-07 19:11:46 UTC
ppc stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-12-07 19:14:08 UTC
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-12-07 19:51:43 UTC
arm stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-12-08 17:05:59 UTC
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-12-14 19:46:59 UTC
sparc stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2013-12-26 20:18:02 UTC
ia64 stable.

glsa request filed.

Maintainer(s), please cleanup.
Comment 11 Matt Turner gentoo-dev 2013-12-27 03:21:53 UTC
Old versions dropped.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-01-26 02:14:40 UTC
CVE-2013-6425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6425):
  Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman
  before 0.32.0, as used in X.Org server and cairo, allows context-dependent
  attackers to cause a denial of service (crash) via a negative bottom value.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2014-02-02 18:32:35 UTC
This issue was resolved and addressed in
 GLSA 201402-03 at http://security.gentoo.org/glsa/glsa-201402-03.xml
by GLSA coordinator Mikle Kolyada (Zlogene).
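
The CVE text in comment 12 attributes the crash to an integer underflow in a trapezoid validity check reached with a negative bottom value. The following is an added example, not code from this bug report or from pixman: it assumes the check decides "bottom is below top" by subtracting in 32 bits, and sets that beside a direct comparison. The names fixed_t, trap_t, valid_by_difference and valid_by_comparison are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for this example, not pixman's own definitions. */
typedef int32_t fixed_t;                      /* signed 16.16 fixed point */
typedef struct { fixed_t top, bottom; } trap_t;

/* Difference-based check: accepts when (bottom - top) > 0 in 32 bits.
 * The subtraction is done in uint32_t so the wraparound is well defined;
 * the same subtraction on signed ints would be undefined behaviour. */
static int valid_by_difference(const trap_t *t)
{
    uint32_t diff = (uint32_t)t->bottom - (uint32_t)t->top;
    return diff != 0 && (diff & 0x80000000u) == 0;   /* sign bit clear */
}

/* Comparison-based check: no arithmetic, so nothing can wrap. */
static int valid_by_comparison(const trap_t *t)
{
    return t->bottom > t->top;
}

int main(void)
{
    /* Constructed sample values. */
    const trap_t samples[] = {
        { 0,          1 << 16   },  /* ordinary: top 0.0, bottom 1.0     */
        { 1 << 16,    0         },  /* inverted: bottom above top        */
        { 1 << 16,    INT32_MIN },  /* negative bottom, difference wraps */
        { INT32_MIN,  INT32_MAX },  /* valid, but difference wraps too   */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("top=%11d bottom=%11d  difference=%d comparison=%d\n",
               (int)samples[i].top, (int)samples[i].bottom,
               valid_by_difference(&samples[i]),
               valid_by_comparison(&samples[i]));
    return 0;
}
```

The third sample is the case that matters for this bug: the wrapped difference is positive, so a trapezoid whose bottom lies far above its top passes the difference-based check, while the comparison rejects it.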