xfce-base/thunar is vulnerable to CVE-2013-7447. See tracking bug for details.

## kflaptop Thunar-1.6.10 # grep -r "cairo_pixels" -- *
thunar/thunar-gdk-extensions.c: guchar *cairo_pixels;
thunar/thunar-gdk-extensions.c: cairo_pixels = g_malloc (height * cairo_stride);
@xfce gtk+ is now fixed, could you please confirm if thunar is still vulnerable?

Thank you

Gentoo Security Padawan
ChrisADR
Unfortunately, the latest thunar was still vulnerable. Upstream had a patch, so I have applied it and pushed 1.6.12-r1.
Thanks, please call for stabilization when ready.
=xfce-base/thunar-1.16.13 is already stable. @maintainers, please cleanup the vulnerable versions. GLSA Vote: No
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f5c6695d3744e5e73e55269e5be9ecfae910d67

commit 1f5c6695d3744e5e73e55269e5be9ecfae910d67
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2018-03-23 21:59:51 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2018-03-23 22:03:50 +0000

    xfce-base/thunar: Clean old up

    Bug: https://bugs.gentoo.org/574382

 xfce-base/thunar/Manifest                |  2 -
 xfce-base/thunar/thunar-1.6.10-r1.ebuild | 68 ---------------------------
 xfce-base/thunar/thunar-1.6.12-r1.ebuild | 80 --------------------------------
 3 files changed, 150 deletions(-)
Thanks, Michał!