On 28.01.2015 17:51, intrigeri wrote: > Torsten Schönfeld wrote (28 Jan 2015 16:06:33 GMT) : >> intrigeri <intrigeri+deb...@boum.org>: >>> Brian Manning wrote (28 Jan 2015 02:10:23 GMT) : >>>> Overview of changes in Gtk2 1.2495 (stable) [2015-01-27] >>>> ======================================================== >>> >>>> * Fix incorrect memory management in Gtk2::Gdk::Display::list_devices >>> >>> Did that bug have any security implication? > >> The code was freeing memory that gtk+ still holds onto and might access >> later. So, >> yes, it is conceivable that this can be exploited. > > Thanks. I've not seen a CVE request on oss-security (could have missed > it, though). Will it be allocated in another way, e.g. from the Red > Hat pool? A CVE would help distros a lot.
No, we haven't done any kind of official security-related announcement. Do you really need such an "official" and elaborate effort for this kind of bug fix? These kinds of fixes are done all over the place all the time without special announcements. _______________________________________________ gtk-perl-list mailing list gtk-perl-list@gnome.org https://mail.gnome.org/mailman/listinfo/gtk-perl-list