574374 – <x11-libs/gtk+--2.24.31: is vulnerable to CVE-2013-7447

Bug 574374 - <x11-libs/gtk+--2.24.31: is vulnerable to CVE-2013-7447

Summary: <x11-libs/gtk+--2.24.31: is vulnerable to CVE-2013-7447

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.gnome.org/show_bug.c...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:	gnome-3.20-stable
Blocks:	CVE-2013-7447
	Show dependency tree

Reported:	2016-02-10 21:38 UTC by Kristian Fiskerstrand (RETIRED)
Modified:	2017-11-14 02:04 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kristian Fiskerstrand (RETIRED) gentoo-dev

2016-02-10 21:38:37 UTC

x11-libs/gtk+:2 is vulnerable to CVE-2013-7447

See tracking bug for details.

kflaptop gtk+-2.24.28 # grep -r "cairo_pixels" -- *
gdk/gdkcairo.c:  guchar *cairo_pixels;
gdk/gdkcairo.c:  cairo_pixels = g_malloc (height * cairo_stride);

Comment 1 Gilles Dartiguelongue (RETIRED) gentoo-dev

2016-10-08 20:32:55 UTC

This is resolved in gtk+-2.24.31 which is being stabilized in bug #587010.

Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-10-05 16:30:13 UTC

ping

Seems like gtk+ is ok now. Are we ready to close this report?

Thank you,

ChrisADR

Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-11-14 02:02:56 UTC

GLSA Vote: No

Thank you