456866 – (CVE-2013-1591) <x11-libs/pixman-0.28.0: stack-based buffer overflow (CVE-2013-1591)

Bug 456866 (CVE-2013-1591) - <x11-libs/pixman-0.28.0: stack-based buffer overflow (CVE-2013-1591)

Summary: <x11-libs/pixman-0.28.0: stack-based buffer overflow (CVE-2013-1591)

Status:	RESOLVED FIXED

Alias:	CVE-2013-1591

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2013-02-11 22:32 UTC by Agostino Sarubbo
Modified:	2013-08-22 10:49 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2013-02-11 22:32:41 UTC

From ${URL} :

Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4, has unspecified impact 
and attack vectors.

The upstream commit to correct this flaw:

http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f

Comment 1 Matt Turner gentoo-dev

2013-02-12 02:25:17 UTC

For completeness, this commit has been in the following tags:

pixman-0.27.4
pixman-0.28.0
pixman-0.28.2
pixman-0.29.2

thus, there are no affected versions in the tree.

Comment 2 Sean Amoss (RETIRED) gentoo-dev

2013-02-24 01:10:51 UTC

GLSA vote: no.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2013-03-04 23:36:42 UTC

CVE-2013-1591 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1591):
  Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4,
  has unspecified impact and attack vectors.

Comment 4 Sergey Popov gentoo-dev

2013-08-22 10:49:25 UTC

GLSA vote: no

Closing as noglsa