tags 339431 + patch
thanks
On Wed, Nov 16, 2005, Moritz Muehlenhoff wrote:
> An integer overflow in gdk-pixbuf's XPM rendering code can be exploited
> to overwrite the heap and exploit arbitrary code through crafted images.
> Please see
> www.idefense.com/application/poi/display?id=339&type=vulnerabilities
> for more details.
Redhat's bug report for CVE-2005-3186 with a patch attached:
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171071>
Did you identify other packages with a copy of this code? In
particular, did you check Gtk 1?
The Redhat security advisory also fixes CVE-2005-2975, for which I see
no entry in the Debian changelog, could you please investifate on this
id and report whether gtk1 and gtk2 are affected for Debian?
Redhat's advisories:
<http://rhn.redhat.com/errata/RHSA-2005-810.html>
<http://rhn.redhat.com/errata/RHSA-2005-811.html>
Redhat bug for CVE-2005-2975 with two patches attached:
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900>
Cheers,
--
Loïc Minier <[EMAIL PROTECTED]>
"What do we want? BRAINS! When do we want it? BRAINS!"
