** Changed in: gtk+2.0 (Debian)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch - avoid integer overflow
** Changed in: gtk+2.0 (Debian)
Status: Confirmed => Fix Committed
** Branch linked: lp:~ubuntu-desktop/gtk/ubuntu
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811
Title:
[GDK] patch - avoid integer overflow when allocating a large block of
Thank you guys!
Hope someone from Debian maintainers will take care of it as well...
This bug was fixed in the package gtk+2.0 - 2.24.28-1ubuntu1.1
---
gtk+2.0 (2.24.28-1ubuntu1.1) wily-security; urgency=medium
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
This bug was fixed in the package gtk+3.0 - 3.4.2-0ubuntu0.9
---
gtk+3.0 (3.4.2-0ubuntu0.9) precise-security; urgency=medium
* SECURITY UPDATE: integer overflow via large sized image (LP: #1540811)
- debian/patches/CVE-2013-7447.patch: use g_malloc_n in
This bug was fixed in the package gtk+2.0 - 2.24.10-0ubuntu6.3
---
gtk+2.0 (2.24.10-0ubuntu6.3) precise-security; urgency=low
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
This bug was fixed in the package gtk+2.0 - 2.24.23-0ubuntu1.4
---
gtk+2.0 (2.24.23-0ubuntu1.4) trusty-security; urgency=medium
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
** Changed in: gtk+3.0 (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: gtk+3.0 (Ubuntu Wily)
Importance: Undecided => Medium
** Changed in: gtk+3.0 (Ubuntu Xenial)
Importance: Undecided => Medium
Since this is a security update, I'll sponsor these as security updates,
and not as SRUs.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-7447
** Also affects: gtk+2.0 (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: gtk+2.0 (Ubuntu Trusty)
** Changed in: gtk+2.0 (Debian)
Status: New => Confirmed
** Also affects: gtk+3.0 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: gtk+3.0 (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: gtk+3.0 (Ubuntu Precise)
Status: New => Confirmed
** Changed in: gtk+3.0 (Ubuntu Precise)
Assignee: (unassigned) =>
This bug was fixed in the package gtk+2.0 - 2.24.29-1ubuntu2
---
gtk+2.0 (2.24.29-1ubuntu2) xenial; urgency=medium
* gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
of memory in
I've requested CVEs here http://www.openwall.com/lists/oss-security/2016/02/10/2
It appears this flaw was copy-pasted to a lot of programs.
Thanks
Thank you for your work. I've sponsored the xenial update (with a
modified changelog, we don't have designed maintainers/NMUs in Ubuntu,
also I tweaked the version number to not be .1 and listed the bug
reference).
Once the update gets some testing in xenial we can look at the SRUs
Note that it
Do you know if this issue has a CVE assigned yet? I didn't see one in
the linked bug reports but those references may not have migrated to
those sources yet.
Thanks
** Information type changed from Public to Public Security
** Changed in: gtk+2.0 (Ubuntu)
Importance: Undecided => High
** Changed in: gtk+2.0 (Ubuntu)
Status: New => Triaged
** Bug watch added: GNOME Bug Tracker #703220
https://bugzilla.gnome.org/show_bug.cgi?id=703220
** Also affects: gtk via
** Changed in: gtk
Status: Unknown => Fix Released
** Changed in: gtk
Importance: Unknown => Low
** Attachment added: "debdiff with the fix for Precise"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561946/+files/gtk2-gdk-precise-debdiff
** Attachment added: "debdiff with the fix for Wily"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561948/+files/gtk2-gdk-wily-debdiff
** Attachment added: "debdiff with the fix for Trusty"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561947/+files/gtk2-gdk-trusty-debdiff
** Attachment added: "debdiff with the fix for Xenial"
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561950/+files/gtk2-gdk-xenial-debdiff
** Bug watch added: Debian Bug tracker #799275
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275
** Also affects:
** Changed in: gtk+2.0 (Debian)
Status: Unknown => New
The attachment "debdiff with the fix for Precise" seems to be a debdiff.
The ubuntu-sponsors team has been subscribed to the bug report so that
they can review and hopefully sponsor the debdiff. If the attachment
isn't a patch, please remove the "patch" flag from the attachment,
remove the