Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 83656 - x11-libs/lesstif: new XPM lib vulnerability (CAN-2005-0605)
Summary: x11-libs/lesstif: new XPM lib vulnerability (CAN-2005-0605)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2005-03-01 03:04 UTC by Thierry Carrez (RETIRED)
Modified: 2005-08-15 21:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

lesstif-CAN-2005-0605.patch (lesstif-CAN-2005-0605.patch,1.17 KB, patch)
2005-03-02 08:08 UTC, Thierry Carrez (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2005-03-01 03:04:25 UTC
With an unsigned i a buffer overflow will occur in loops
like for( i-- >= 0) { copy something }.

Original Patch can be found on bug 83598, though it might require adaptation.
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2005-03-01 04:37:25 UTC

*** This bug has been marked as a duplicate of 83655 ***
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-03-01 04:56:10 UTC
Hey, it's not a duplicate, these are two separate packages (which usually get fixed with different timeframes) so we need two separate bugs.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-03-02 08:08:59 UTC
Created attachment 52465 [details, diff]

Patch adapted for lesstif
Comment 4 Heinrich Wendel (RETIRED) gentoo-dev 2005-03-02 08:57:42 UTC
applied in lesstif-0.94.0-r2.ebuild, please test this one (not -r3!!!!)
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-03-02 09:25:35 UTC
Arches, please test and mark lesstif-0.94.0-r2 stable
Comment 6 Heinrich Wendel (RETIRED) gentoo-dev 2005-03-02 09:29:01 UTC
done for amd64/x86
Comment 7 Markus Rothe (RETIRED) gentoo-dev 2005-03-02 11:52:07 UTC
stable on ppc64
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-03-02 13:53:10 UTC
Stable on ppc.
Comment 9 Lina Pezzella (RETIRED) gentoo-dev 2005-03-02 15:59:26 UTC
Stable ppc-macos.
Comment 10 Gustavo Zacarias (RETIRED) gentoo-dev 2005-03-03 07:49:15 UTC
sparc stable.
Comment 11 Bryan Østergaard (RETIRED) gentoo-dev 2005-03-03 12:14:48 UTC
Alpha stable.
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-03-04 06:23:44 UTC
GLSA 200503-08
arm hppa ia64 mips: please mark stable to benefit from GLSA
Comment 13 Hardave Riar (RETIRED) gentoo-dev 2005-03-13 17:20:12 UTC
mips doesn't have any keywords in this package.
Comment 14 René Nussbaumer (RETIRED) gentoo-dev 2005-06-26 06:11:06 UTC
Already stable on hppa