83656 – x11-libs/lesstif: new XPM lib vulnerability (CAN-2005-0605)

Bug 83656 - x11-libs/lesstif: new XPM lib vulnerability (CAN-2005-0605)

Summary: x11-libs/lesstif: new XPM lib vulnerability (CAN-2005-0605)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	https://bugs.freedesktop.org/show_bug...
Whiteboard:	B2 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2005-03-01 03:04 UTC by Thierry Carrez (RETIRED)
Modified:	2005-08-15 21:40 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
lesstif-CAN-2005-0605.patch (lesstif-CAN-2005-0605.patch,1.17 KB, patch) 2005-03-02 08:08 UTC, Thierry Carrez (RETIRED)	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-03-01 03:04:25 UTC

With an unsigned i a buffer overflow will occur in loops
like for( i-- >= 0) { copy something }.

Original Patch can be found on bug 83598, though it might require adaptation.

Comment 1 Carsten Lohrke (RETIRED) gentoo-dev

2005-03-01 04:37:25 UTC


*** This bug has been marked as a duplicate of 83655 ***

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2005-03-01 04:56:10 UTC

Hey, it's not a duplicate, these are two separate packages (which usually get fixed with different timeframes) so we need two separate bugs.

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2005-03-02 08:08:59 UTC

Created attachment 52465 [details, diff]
lesstif-CAN-2005-0605.patch

Patch adapted for lesstif

Comment 4 Heinrich Wendel (RETIRED) gentoo-dev

2005-03-02 08:57:42 UTC

applied in lesstif-0.94.0-r2.ebuild, please test this one (not -r3!!!!)

Comment 5 Thierry Carrez (RETIRED) gentoo-dev

2005-03-02 09:25:35 UTC

Arches, please test and mark lesstif-0.94.0-r2 stable

Comment 6 Heinrich Wendel (RETIRED) gentoo-dev

2005-03-02 09:29:01 UTC

done for amd64/x86

Comment 7 Markus Rothe (RETIRED) gentoo-dev

2005-03-02 11:52:07 UTC

stable on ppc64

Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-03-02 13:53:10 UTC

Stable on ppc.

Comment 9 Lina Pezzella (RETIRED) gentoo-dev

2005-03-02 15:59:26 UTC

Stable ppc-macos.

Comment 10 Gustavo Zacarias (RETIRED) gentoo-dev

2005-03-03 07:49:15 UTC

sparc stable.

Comment 11 Bryan Østergaard (RETIRED) gentoo-dev

2005-03-03 12:14:48 UTC

Alpha stable.

Comment 12 Thierry Carrez (RETIRED) gentoo-dev

2005-03-04 06:23:44 UTC

GLSA 200503-08
arm hppa ia64 mips: please mark stable to benefit from GLSA

Comment 13 Hardave Riar (RETIRED) gentoo-dev

2005-03-13 17:20:12 UTC

mips doesn't have any keywords in this package.

Comment 14 René Nussbaumer (RETIRED) gentoo-dev

2005-06-26 06:11:06 UTC

Already stable on hppa