Bug#818615: jessie-pu: package gtk+2.0

2016-03-25 Thread Adam D. Barratt
Control: tags -1 + pending

On Thu, 2016-03-24 at 22:23 +0100, Moritz Mühlenhoff wrote:
> On Thu, Mar 24, 2016 at 06:35:55AM +, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Wed, 2016-03-23 at 23:12 +0100, Moritz Mühlenhoff wrote:
> > [...]
> > > > > > On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote:
> > > > > > > I'd like to fix a security issue in GTK, which doesn't really 
> > > > > > > warrant
> > > > > > > a DSA. Debdiff below, I've been running this on my jessie
> > > > > > > workstation for a day now.
> > > > > > > 
> > > > > > > Cheers,
> > > > > > > Moritz
> > > > > > > 
> > > > > > > diff -Nru gtk+2.0-2.24.25/debian/changelog 
> > > > > > > gtk+2.0-2.24.25/debian/changelog
> > > > > > > --- gtk+2.0-2.24.25/debian/changelog  2015-03-03 
> > > > > > > 19:39:59.0 +0100
> > > > > > > +++ gtk+2.0-2.24.25/debian/changelog  2016-03-17 
> > > > > > > 23:20:16.0 +0100
> > > > > > > @@ -1,3 +1,9 @@
> > > > > > > +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium
> > > > > > > +
> > > > > > > +  * CVE-2013-7447 (Closes: #799275)
> > [...]
> > > This is now in unstable:
> > > https://packages.qa.debian.org/g/gtk+2.0/news/20160323T215045Z.html
> > 
> > Thanks. Please go ahead.
> 
> Uploaded.

Flagged for acceptance.

Regards,

Adam



Bug#818615: jessie-pu: package gtk+2.0

2016-03-24 Thread Moritz Mühlenhoff
On Thu, Mar 24, 2016 at 06:35:55AM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Wed, 2016-03-23 at 23:12 +0100, Moritz Mühlenhoff wrote:
> [...]
> > > > > On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote:
> > > > > > I'd like to fix a security issue in GTK, which doesn't really 
> > > > > > warrant
> > > > > > a DSA. Debdiff below, I've been running this on my jessie
> > > > > > workstation for a day now.
> > > > > > 
> > > > > > Cheers,
> > > > > > Moritz
> > > > > > 
> > > > > > diff -Nru gtk+2.0-2.24.25/debian/changelog 
> > > > > > gtk+2.0-2.24.25/debian/changelog
> > > > > > --- gtk+2.0-2.24.25/debian/changelog2015-03-03 
> > > > > > 19:39:59.0 +0100
> > > > > > +++ gtk+2.0-2.24.25/debian/changelog2016-03-17 
> > > > > > 23:20:16.0 +0100
> > > > > > @@ -1,3 +1,9 @@
> > > > > > +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium
> > > > > > +
> > > > > > +  * CVE-2013-7447 (Closes: #799275)
> [...]
> > This is now in unstable:
> > https://packages.qa.debian.org/g/gtk+2.0/news/20160323T215045Z.html
> 
> Thanks. Please go ahead.

Uploaded.

Cheers,
Moritz



Bug#818615: jessie-pu: package gtk+2.0

2016-03-24 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2016-03-23 at 23:12 +0100, Moritz Mühlenhoff wrote:
[...]
> > > > On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote:
> > > > > I'd like to fix a security issue in GTK, which doesn't really warrant
> > > > > a DSA. Debdiff below, I've been running this on my jessie
> > > > > workstation for a day now.
> > > > > 
> > > > > Cheers,
> > > > > Moritz
> > > > > 
> > > > > diff -Nru gtk+2.0-2.24.25/debian/changelog 
> > > > > gtk+2.0-2.24.25/debian/changelog
> > > > > --- gtk+2.0-2.24.25/debian/changelog  2015-03-03 19:39:59.0 
> > > > > +0100
> > > > > +++ gtk+2.0-2.24.25/debian/changelog  2016-03-17 23:20:16.0 
> > > > > +0100
> > > > > @@ -1,3 +1,9 @@
> > > > > +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium
> > > > > +
> > > > > +  * CVE-2013-7447 (Closes: #799275)
[...]
> This is now in unstable:
> https://packages.qa.debian.org/g/gtk+2.0/news/20160323T215045Z.html

Thanks. Please go ahead.

Regards,

Adam



Bug#818615: jessie-pu: package gtk+2.0

2016-03-23 Thread Moritz Mühlenhoff
tags 818615 -moreinfo
thanks

On Tue, Mar 22, 2016 at 07:56:40PM +, Adam D. Barratt wrote:
> On Fri, 2016-03-18 at 20:58 +0100, Salvatore Bonaccorso wrote:
> > Hi Adam,
> > 
> > Not Moritz here but can answer the question as well:
> > 
> > On Fri, Mar 18, 2016 at 07:22:34PM +, Adam D. Barratt wrote:
> > > Control: tags -1 + moreinfo
> > > 
> > > On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote:
> > > > I'd like to fix a security issue in GTK, which doesn't really warrant
> > > > a DSA. Debdiff below, I've been running this on my jessie
> > > > workstation for a day now.
> > > > 
> > > > Cheers,
> > > > Moritz
> > > > 
> > > > diff -Nru gtk+2.0-2.24.25/debian/changelog 
> > > > gtk+2.0-2.24.25/debian/changelog
> > > > --- gtk+2.0-2.24.25/debian/changelog2015-03-03 19:39:59.0 
> > > > +0100
> > > > +++ gtk+2.0-2.24.25/debian/changelog2016-03-17 23:20:16.0 
> > > > +0100
> > > > @@ -1,3 +1,9 @@
> > > > +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium
> > > > +
> > > > +  * CVE-2013-7447 (Closes: #799275)
> > > 
> > > The Security Tracker suggests that this isn't fixed in the version of
> > > gtk+2.0 in unstable; is that correct?
> > 
> > Yes, it is unfixed there as well. I have just proposed an NMU in
> > https://bugs.debian.org/799275#39
> 
> Thanks for that.
> 
> If we don't notice, please feel free to remove the "moreinfo" tag once
> the NMU reaches unstable.

This is now in unstable:
https://packages.qa.debian.org/g/gtk+2.0/news/20160323T215045Z.html

Cheers,
Moritz



Bug#818615: jessie-pu: package gtk+2.0

2016-03-22 Thread Adam D. Barratt
On Fri, 2016-03-18 at 20:58 +0100, Salvatore Bonaccorso wrote:
> Hi Adam,
> 
> Not Moritz here but can answer the question as well:
> 
> On Fri, Mar 18, 2016 at 07:22:34PM +, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote:
> > > I'd like to fix a security issue in GTK, which doesn't really warrant
> > > a DSA. Debdiff below, I've been running this on my jessie
> > > workstation for a day now.
> > > 
> > > Cheers,
> > > Moritz
> > > 
> > > diff -Nru gtk+2.0-2.24.25/debian/changelog 
> > > gtk+2.0-2.24.25/debian/changelog
> > > --- gtk+2.0-2.24.25/debian/changelog  2015-03-03 19:39:59.0 
> > > +0100
> > > +++ gtk+2.0-2.24.25/debian/changelog  2016-03-17 23:20:16.0 
> > > +0100
> > > @@ -1,3 +1,9 @@
> > > +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium
> > > +
> > > +  * CVE-2013-7447 (Closes: #799275)
> > 
> > The Security Tracker suggests that this isn't fixed in the version of
> > gtk+2.0 in unstable; is that correct?
> 
> Yes, it is unfixed there as well. I have just proposed an NMU in
> https://bugs.debian.org/799275#39

Thanks for that.

If we don't notice, please feel free to remove the "moreinfo" tag once
the NMU reaches unstable.

Regards,

Adam



Bug#818615: jessie-pu: package gtk+2.0

2016-03-20 Thread Moritz Muehlenhoff
Package: release.debian.org
Severity: normal

Hi,
I'd like to fix a security issue in GTK, which doesn't really warrant
a DSA. Debdiff below, I've been running this on my jessie
workstation for a day now.

Cheers,
Moritz

diff -Nru gtk+2.0-2.24.25/debian/changelog gtk+2.0-2.24.25/debian/changelog
--- gtk+2.0-2.24.25/debian/changelog2015-03-03 19:39:59.0 +0100
+++ gtk+2.0-2.24.25/debian/changelog2016-03-17 23:20:16.0 +0100
@@ -1,3 +1,9 @@
+gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium
+
+  * CVE-2013-7447 (Closes: #799275)
+
+ -- Moritz M�hlenhoff   Thu, 17 Mar 2016 00:17:18 +0100
+
 gtk+2.0 (2.24.25-3) unstable; urgency=medium
 
   * 0002-gdk-Fix-GdkWindowFilter-internal-refcounting.patch
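Review bot: the entry `+  * CVE-2013-7447 (Closes: #799275)` names only the CVE; a one-line description of what it fixes (the integer overflow in gdk_cairo_set_source_pixbuf, per the patch's own Subject) would let changelog readers and the tracker see the change without looking the CVE up. Also, the trailer `+ -- Moritz M�hlenhoff   Thu, 17 Mar 2016 00:17:18 +0100` shows a replacement character in this copy; worth confirming debian/changelog is UTF-8 on disk before upload, since a mis-encoded changelog is flagged by lintian.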
diff -Nru gtk+2.0-2.24.25/debian/patches/099_CVE-2013-7447.patch 
gtk+2.0-2.24.25/debian/patches/099_CVE-2013-7447.patch
--- gtk+2.0-2.24.25/debian/patches/099_CVE-2013-7447.patch  1970-01-01 
01:00:00.0 +0100
+++ gtk+2.0-2.24.25/debian/patches/099_CVE-2013-7447.patch  2016-03-17 
23:15:42.0 +0100
@@ -0,0 +1,30 @@
+From 894b1ae76a32720f4bb3d39cf460402e3ce331d6 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen 
+Date: Sat, 29 Jun 2013 22:06:54 -0400
+Subject: Avoid integer overflow
+
+Use g_malloc_n in gdk_cairo_set_source_pixbuf when allocating
+a large block of memory, to avoid integer overflow.
+
+Pointed out by Bert Massop in
+https://bugzilla.gnome.org/show_bug.cgi?id=703220
+---
+ gdk/gdkcairo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c
+index 19bed04..2e1d8dc 100644
+--- a/gdk/gdkcairo.c
 b/gdk/gdkcairo.c
+@@ -213,7 +213,7 @@ gdk_cairo_set_source_pixbuf (cairo_t *cr,
+ format = CAIRO_FORMAT_ARGB32;
+ 
+   cairo_stride = cairo_format_stride_for_width (format, width);
+-  cairo_pixels = g_malloc (height * cairo_stride);
++  cairo_pixels = g_malloc_n (height, cairo_stride);
+   surface = cairo_image_surface_create_for_data ((unsigned char 
*)cairo_pixels,
+  format,
+  width, height, cairo_stride);
+-- 
+cgit v0.12
+
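Review bot: the embedded git diff's `+++ b/gdk/gdkcairo.c` header appears mangled here: `+--- a/gdk/gdkcairo.c` is followed by a bare ` b/gdk/gdkcairo.c` with no `++++` prefix, so please check that debian/patches/099_CVE-2013-7447.patch in the source package has the `+++ b/gdk/gdkcairo.c` line intact, otherwise patch/quilt cannot resolve the target file and the build will fail at apply time. On the substance, the change from `g_malloc (height * cairo_stride)` to `g_malloc_n (height, cairo_stride)` replaces an unchecked product (computed in int before the cast, since cairo_format_stride_for_width returns int) with a gsize multiplication that g_malloc_n overflow-checks and aborts on, so an oversized pixbuf now terminates the process rather than allocating an undersized buffer that the subsequent pixel writes run past; that crash-instead-of-corruption trade is the intended outcome and the backport matches upstream line for line. Adding a DEP-3 `Bug-Debian: https://bugs.debian.org/799275` header above the git headers would tie the patch file to the bug it closes.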
diff -Nru gtk+2.0-2.24.25/debian/patches/series 
gtk+2.0-2.24.25/debian/patches/series
--- gtk+2.0-2.24.25/debian/patches/series   2015-03-03 19:36:04.0 
+0100
+++ gtk+2.0-2.24.25/debian/patches/series   2016-03-17 23:17:03.0 
+0100
@@ -14,3 +14,4 @@
 061_use_pdf_as_default_printing_standard.patch
 065_gir_set_packages.patch
 098_multiarch_module_path.patch
+099_CVE-2013-7447.patch



Bug#818615: jessie-pu: package gtk+2.0

2016-03-19 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote:
> I'd like to fix a security issue in GTK, which doesn't really warrant
> a DSA. Debdiff below, I've been running this on my jessie
> workstation for a day now.
> 
> Cheers,
> Moritz
> 
> diff -Nru gtk+2.0-2.24.25/debian/changelog gtk+2.0-2.24.25/debian/changelog
> --- gtk+2.0-2.24.25/debian/changelog  2015-03-03 19:39:59.0 +0100
> +++ gtk+2.0-2.24.25/debian/changelog  2016-03-17 23:20:16.0 +0100
> @@ -1,3 +1,9 @@
> +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium
> +
> +  * CVE-2013-7447 (Closes: #799275)

The Security Tracker suggests that this isn't fixed in the version of
gtk+2.0 in unstable; is that correct?

Regards,

Adam



Bug#818615: jessie-pu: package gtk+2.0

2016-03-19 Thread Salvatore Bonaccorso
Hi Adam,

Not Moritz here but can answer the question as well:

On Fri, Mar 18, 2016 at 07:22:34PM +, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote:
> > I'd like to fix a security issue in GTK, which doesn't really warrant
> > a DSA. Debdiff below, I've been running this on my jessie
> > workstation for a day now.
> > 
> > Cheers,
> > Moritz
> > 
> > diff -Nru gtk+2.0-2.24.25/debian/changelog gtk+2.0-2.24.25/debian/changelog
> > --- gtk+2.0-2.24.25/debian/changelog2015-03-03 19:39:59.0 
> > +0100
> > +++ gtk+2.0-2.24.25/debian/changelog2016-03-17 23:20:16.0 
> > +0100
> > @@ -1,3 +1,9 @@
> > +gtk+2.0 (2.24.25-3+deb8u1) jessie; urgency=medium
> > +
> > +  * CVE-2013-7447 (Closes: #799275)
> 
> The Security Tracker suggests that this isn't fixed in the version of
> gtk+2.0 in unstable; is that correct?

Yes, it is unfixed there as well. I have just proposed an NMU in
https://bugs.debian.org/799275#39

Hope this helps,

Regards,
Salvatore