Date:      Tue, 15 May 2012 09:47:25 -0400
From:      Eitan Adler <lists@eitanadler.com>
To:        gnome@freebsd.org
Cc:        ports-security@freebsd.org
Subject:   Fwd: [oss-security] CVE Request: gdk-pixbuf Integer overflow in XBM file loader
Message-ID:  <CAF6rxg=JMUi8mNqO%2BWHCi52brin_0wcZvOu2LNcmXz=jcx_tEw@mail.gmail.com>
In-Reply-To: <4FB242F6.2090506@gentoo.org>
References:  <4FB242F6.2090506@gentoo.org>


A port you maintain may be insecure. Please update the port and write
up a VuXML notice.


---------- Forwarded message ----------
From: Sean Amoss <ackle@gentoo.org>
Date: 15 May 2012 07:50
Subject: [oss-security] CVE Request: gdk-pixbuf Integer overflow in
XBM file loader
To: oss-security@lists.openwall.com


Hello,

I have not seen a CVE assigned for this issue yet:

"It's possible to crash any application with memory allocation error, or
potentially corrupt heap because width/height parameters isn't properly
verified."


References:
https://bugs.gentoo.org/show_bug.cgi?id=412033
https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150

Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=672811

Upstream commit:
http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22


Thanks,
Sean

--
Sean Amoss
Gentoo Security | GLSA Coordinator
E-Mail    : ackle@gentoo.org
GnuPG ID  : E928357A
GnuPG FP  : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A



--
Eitan Adler



