Control: tags 799275 + pending

Dear maintainer,

I've prepared an NMU for gtk+2.0 (versioned as 2.24.30-1.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.

Moritz Muehlenhoff would like to fix CVE-2013-7447 via a jessie-pu
(cf. #818615), since it does not warrant a DSA. But this as well
can/should be done if the issue is already fixed in unstable. This NMU
is aiming for that to have the fix as well available in jessie in the
next point release.

Regards,
Salvatore
diff -Nru gtk+2.0-2.24.30/debian/changelog gtk+2.0-2.24.30/debian/changelog
--- gtk+2.0-2.24.30/debian/changelog	2016-03-07 14:51:23.000000000 +0100
+++ gtk+2.0-2.24.30/debian/changelog	2016-03-18 20:22:11.000000000 +0100
@@ -1,3 +1,10 @@
+gtk+2.0 (2.24.30-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2013-7447: Integer overflow in image handling (Closes: #799275)
+
+ -- Salvatore Bonaccorso <[email protected]>  Fri, 18 Mar 2016 20:20:37 +0100
+
 gtk+2.0 (2.24.30-1) unstable; urgency=medium
 
   * New upstream release 2.24.30
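Review bot: the new 2.24.30-1.1 entry does not say how the fix was applied; the CVE line names neither the patch file added to debian/patches nor the function it touches. Something like "Add 099_CVE-2013-7447.patch: use g_malloc_n in gdk_cairo_set_source_pixbuf to avoid integer overflow (CVE-2013-7447) (Closes: #799275)" lets someone reading the changelog for the jessie-pu map the entry to the quilt patch without opening the debdiff.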
diff -Nru gtk+2.0-2.24.30/debian/patches/099_CVE-2013-7447.patch gtk+2.0-2.24.30/debian/patches/099_CVE-2013-7447.patch
--- gtk+2.0-2.24.30/debian/patches/099_CVE-2013-7447.patch	1970-01-01 01:00:00.000000000 +0100
+++ gtk+2.0-2.24.30/debian/patches/099_CVE-2013-7447.patch	2016-03-18 20:22:11.000000000 +0100
@@ -0,0 +1,30 @@
+From 894b1ae76a32720f4bb3d39cf460402e3ce331d6 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <[email protected]>
+Date: Sat, 29 Jun 2013 22:06:54 -0400
+Subject: Avoid integer overflow
+
+Use g_malloc_n in gdk_cairo_set_source_pixbuf when allocating
+a large block of memory, to avoid integer overflow.
+
+Pointed out by Bert Massop in
+https://bugzilla.gnome.org/show_bug.cgi?id=703220
+---
+ gdk/gdkcairo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c
+index 19bed04..2e1d8dc 100644
+--- a/gdk/gdkcairo.c
++++ b/gdk/gdkcairo.c
+@@ -213,7 +213,7 @@ gdk_cairo_set_source_pixbuf (cairo_t         *cr,
+     format = CAIRO_FORMAT_ARGB32;
+ 
+   cairo_stride = cairo_format_stride_for_width (format, width);
+-  cairo_pixels = g_malloc (height * cairo_stride);
++  cairo_pixels = g_malloc_n (height, cairo_stride);
+   surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+                                                  format,
+                                                  width, height, cairo_stride);
+-- 
+cgit v0.12
+
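Review bot: at the changed allocation line, g_malloc_n (height, cairo_stride) only guards the multiplication; the value of cairo_stride itself comes unchecked from cairo_format_stride_for_width (format, width) two lines above, and that call returns -1 when the width is too large for the format. Nothing in the visible context tests for that, so a negative stride is caught only incidentally once it is converted to an unsigned size, and it is still handed to cairo_image_surface_create_for_data if the allocation path is ever changed. An explicit early return on cairo_stride < 0 before the allocation would make the intent clear. It is also worth stating in the patch description that g_malloc_n aborts the process when the product overflows, so the result for an oversized pixbuf becomes a controlled abort instead of an undersized buffer. On the packaging side, the patch keeps the upstream mail header and the trailing "cgit v0.12" footer but has no DEP-3 fields; an Origin line pointing at upstream commit 894b1ae76a32720f4bb3d39cf460402e3ce331d6 and Bug-Debian for #799275 would help whoever carries this into the point release.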
diff -Nru gtk+2.0-2.24.30/debian/patches/series gtk+2.0-2.24.30/debian/patches/series
--- gtk+2.0-2.24.30/debian/patches/series	2015-05-10 21:13:11.000000000 +0200
+++ gtk+2.0-2.24.30/debian/patches/series	2016-03-18 20:22:11.000000000 +0100
@@ -11,3 +11,4 @@
 061_use_pdf_as_default_printing_standard.patch
 065_gir_set_packages.patch
 098_multiarch_module_path.patch
+099_CVE-2013-7447.patch
