Loic Minier wrote: > On Mon, Nov 21, 2005, Martin Schulze wrote: > > > I found the vulnerability matrix by Moritz Muehlenhoff useful: > > > Woody gtk2 Woody gdk-pixbuf Sarge gtk2 Sarge > > > gdk-pixbuf > > > CVE-2005-2975 1170 284 1170 284 > > > CVE-2005-2976 1317 413 ---- 413 > > > CVE-2005-3186 1255 359 1256 359 > > What's the meaning of the numbers above? > > Line numbers of the problematic code, but I found it useful to find out > which version are affected (all CVEs are present in all packages, all > dists, except 2976 in sarge Gtk2). > > > I had to rebuild the woody packages since you've built them for > > 'stable-security' instead of 'oldstable-security' > > Yes, I awoke in my sleep when I thought about that this night. > > > Could you tell us as well which versions in sid fix these problems? > > Yes, I checked sid's gdk-pixbuf, and it adresses all 3 CVEs since > version 0.22.0-11. I only checked sid's gtk 2.6.10 this morning, and > it was only vulnerable to CVE-2005-3186 and CVE-2005-2975 (not to > CVE-2005-2976), like the sarge gtk, and was fixed in 2.6.10-2.
Ok, this results to the following matrix: old stable (woody) stable (sarge) unstable (sid) gdk-pixbuf 0.17.0-2woody3 0.22.0-8.1 0.22.0-11 gtk+2.0 2.0.2-5woody3 2.6.4-3.1 2.6.10-2 Regards, Joey -- If you come from outside of Finland, you live in wrong country. -- motd of irc.funet.fi Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]