[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
This bug was fixed in the package gtk+2.0 - 2.24.30-1ubuntu1.16.04.2 --- gtk+2.0 (2.24.30-1ubuntu1.16.04.2) xenial; urgency=medium * Add debian/patches/lp1641912-add-limit-to-list-size.patch, which fixes a DOS allowing any application to cause all GTK applications to use an arbitrary amount of memory (LP: #1641912). -- Simon Quigley Thu, 20 Jul 2017 16:29:53 -0500 ** Changed in: gtk+2.0 (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: Fix Released Status in gtk+2.0 source package in Artful: Fix Released Bug description: [Impact] Without these fixes, a specially crafted GTK program can cause a Denial of Service attack on any machine with open GTK programs. [Test Case] In the GitHub issue against mate-panel, an individual with the GitHub username clbr wrote a Proof of Concept that can be used to demonstrate that this bug is affecting the system, and this is found here: http://pastebin.ca/3733209 The commenter reports that the Proof of Concept can be built with the following command: gcc -o killer killer.c `pkg-config --cflags --libs gtk+-2.0` [Regression Potential] This fix has been uploaded to Artful and has passed to artful-release, causing no installability problems or autopkgtest regressions. As for the fix itself, there was already a regression spotted, but the patch fixing that regression has been spotted and also fixed in this upload. Since it is putting a limit on the list's size, although this is highly unlikely at this point in time, epgfm on the GitHub issue points out the following: "... However, the incoming fix set a large number of items (1000) as a hard limit. ... Does an application really needs to store 1K recent files? I think even the badassest screen you can possibly buy now wouldn't have enough vertical space to display them all." Should there be the unlikely event that a program needs to use that many recent files, the program will have some issues, but that is a bug in the program that needs to use that many recent files, not GTK itself. tl;dr low regression potential, where there will be regressions is excessively large GTK programs, but that is a bug in the program itself for taking up that much space, not GTK. [Original Description] https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
This bug was fixed in the package gtk+2.0 - 2.24.31-1ubuntu1.1 --- gtk+2.0 (2.24.31-1ubuntu1.1) zesty; urgency=medium * Add debian/patches/lp1641912-add-limit-to-list-size.patch, which fixes a DOS allowing any application to cause all GTK applications to use an arbitrary amount of memory (LP: #1641912). -- Simon Quigley Thu, 20 Jul 2017 16:52:59 -0500 ** Changed in: gtk+2.0 (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: Fix Released Status in gtk+2.0 source package in Artful: Fix Released Bug description: [Impact] Without these fixes, a specially crafted GTK program can cause a Denial of Service attack on any machine with open GTK programs. [Test Case] In the GitHub issue against mate-panel, an individual with the GitHub username clbr wrote a Proof of Concept that can be used to demonstrate that this bug is affecting the system, and this is found here: http://pastebin.ca/3733209 The commenter reports that the Proof of Concept can be built with the following command: gcc -o killer killer.c `pkg-config --cflags --libs gtk+-2.0` [Regression Potential] This fix has been uploaded to Artful and has passed to artful-release, causing no installability problems or autopkgtest regressions. As for the fix itself, there was already a regression spotted, but the patch fixing that regression has been spotted and also fixed in this upload. Since it is putting a limit on the list's size, although this is highly unlikely at this point in time, epgfm on the GitHub issue points out the following: "... However, the incoming fix set a large number of items (1000) as a hard limit. ... Does an application really needs to store 1K recent files? I think even the badassest screen you can possibly buy now wouldn't have enough vertical space to display them all." Should there be the unlikely event that a program needs to use that many recent files, the program will have some issues, but that is a bug in the program that needs to use that many recent files, not GTK itself. tl;dr low regression potential, where there will be regressions is excessively large GTK programs, but that is a bug in the program itself for taking up that much space, not GTK. [Original Description] https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
** Tags removed: verification-needed yakkety ** Tags added: artful -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Xenial: Fix Committed Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: Fix Committed Status in gtk+2.0 source package in Artful: Fix Released Bug description: [Impact] Without these fixes, a specially crafted GTK program can cause a Denial of Service attack on any machine with open GTK programs. [Test Case] In the GitHub issue against mate-panel, an individual with the GitHub username clbr wrote a Proof of Concept that can be used to demonstrate that this bug is affecting the system, and this is found here: http://pastebin.ca/3733209 The commenter reports that the Proof of Concept can be built with the following command: gcc -o killer killer.c `pkg-config --cflags --libs gtk+-2.0` [Regression Potential] This fix has been uploaded to Artful and has passed to artful-release, causing no installability problems or autopkgtest regressions. As for the fix itself, there was already a regression spotted, but the patch fixing that regression has been spotted and also fixed in this upload. Since it is putting a limit on the list's size, although this is highly unlikely at this point in time, epgfm on the GitHub issue points out the following: "... However, the incoming fix set a large number of items (1000) as a hard limit. ... Does an application really needs to store 1K recent files? I think even the badassest screen you can possibly buy now wouldn't have enough vertical space to display them all." Should there be the unlikely event that a program needs to use that many recent files, the program will have some issues, but that is a bug in the program that needs to use that many recent files, not GTK itself. tl;dr low regression potential, where there will be regressions is excessively large GTK programs, but that is a bug in the program itself for taking up that much space, not GTK. [Original Description] https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Tested the POC against version 2.24.30-1ubuntu1.16.04.2 from xenial-proposed. Updated package fixes the bug. ** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Xenial: Fix Committed Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: Fix Committed Status in gtk+2.0 source package in Artful: Fix Released Bug description: [Impact] Without these fixes, a specially crafted GTK program can cause a Denial of Service attack on any machine with open GTK programs. [Test Case] In the GitHub issue against mate-panel, an individual with the GitHub username clbr wrote a Proof of Concept that can be used to demonstrate that this bug is affecting the system, and this is found here: http://pastebin.ca/3733209 The commenter reports that the Proof of Concept can be built with the following command: gcc -o killer killer.c `pkg-config --cflags --libs gtk+-2.0` [Regression Potential] This fix has been uploaded to Artful and has passed to artful-release, causing no installability problems or autopkgtest regressions. As for the fix itself, there was already a regression spotted, but the patch fixing that regression has been spotted and also fixed in this upload. Since it is putting a limit on the list's size, although this is highly unlikely at this point in time, epgfm on the GitHub issue points out the following: "... However, the incoming fix set a large number of items (1000) as a hard limit. ... Does an application really needs to store 1K recent files? I think even the badassest screen you can possibly buy now wouldn't have enough vertical space to display them all." Should there be the unlikely event that a program needs to use that many recent files, the program will have some issues, but that is a bug in the program that needs to use that many recent files, not GTK itself. tl;dr low regression potential, where there will be regressions is excessively large GTK programs, but that is a bug in the program itself for taking up that much space, not GTK. [Original Description] https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Tested the POC against version 2.24.31-1ubuntu1.1 from zesty-proposed. Updated package fixes the bug. ** Tags removed: verification-needed-zesty ** Tags added: verification-done-zesty -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Xenial: Fix Committed Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: Fix Committed Status in gtk+2.0 source package in Artful: Fix Released Bug description: [Impact] Without these fixes, a specially crafted GTK program can cause a Denial of Service attack on any machine with open GTK programs. [Test Case] In the GitHub issue against mate-panel, an individual with the GitHub username clbr wrote a Proof of Concept that can be used to demonstrate that this bug is affecting the system, and this is found here: http://pastebin.ca/3733209 The commenter reports that the Proof of Concept can be built with the following command: gcc -o killer killer.c `pkg-config --cflags --libs gtk+-2.0` [Regression Potential] This fix has been uploaded to Artful and has passed to artful-release, causing no installability problems or autopkgtest regressions. As for the fix itself, there was already a regression spotted, but the patch fixing that regression has been spotted and also fixed in this upload. Since it is putting a limit on the list's size, although this is highly unlikely at this point in time, epgfm on the GitHub issue points out the following: "... However, the incoming fix set a large number of items (1000) as a hard limit. ... Does an application really needs to store 1K recent files? I think even the badassest screen you can possibly buy now wouldn't have enough vertical space to display them all." Should there be the unlikely event that a program needs to use that many recent files, the program will have some issues, but that is a bug in the program that needs to use that many recent files, not GTK itself. tl;dr low regression potential, where there will be regressions is excessively large GTK programs, but that is a bug in the program itself for taking up that much space, not GTK. [Original Description] https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Hello Curaga, or anyone else affected, Accepted gtk+2.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gtk+2.0/2.24.30-1ubuntu1.16.04.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: gtk+2.0 (Ubuntu Xenial) Status: In Progress => Fix Committed ** Tags added: verification-needed-xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Xenial: Fix Committed Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: Fix Committed Status in gtk+2.0 source package in Artful: Fix Released Bug description: [Impact] Without these fixes, a specially crafted GTK program can cause a Denial of Service attack on any machine with open GTK programs. [Test Case] In the GitHub issue against mate-panel, an individual with the GitHub username clbr wrote a Proof of Concept that can be used to demonstrate that this bug is affecting the system, and this is found here: http://pastebin.ca/3733209 The commenter reports that the Proof of Concept can be built with the following command: gcc -o killer killer.c `pkg-config --cflags --libs gtk+-2.0` [Regression Potential] This fix has been uploaded to Artful and has passed to artful-release, causing no installability problems or autopkgtest regressions. As for the fix itself, there was already a regression spotted, but the patch fixing that regression has been spotted and also fixed in this upload. Since it is putting a limit on the list's size, although this is highly unlikely at this point in time, epgfm on the GitHub issue points out the following: "... However, the incoming fix set a large number of items (1000) as a hard limit. ... Does an application really needs to store 1K recent files? I think even the badassest screen you can possibly buy now wouldn't have enough vertical space to display them all." Should there be the unlikely event that a program needs to use that many recent files, the program will have some issues, but that is a bug in the program that needs to use that many recent files, not GTK itself. tl;dr low regression potential, where there will be regressions is excessively large GTK programs, but that is a bug in the program itself for taking up that much space, not GTK. [Original Description] https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Thank you! This is exactly what I needed, especially the regression potential field - very good! ** Changed in: gtk+2.0 (Ubuntu Zesty) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-zesty -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Xenial: In Progress Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: Fix Committed Status in gtk+2.0 source package in Artful: Fix Released Bug description: [Impact] Without these fixes, a specially crafted GTK program can cause a Denial of Service attack on any machine with open GTK programs. [Test Case] In the GitHub issue against mate-panel, an individual with the GitHub username clbr wrote a Proof of Concept that can be used to demonstrate that this bug is affecting the system, and this is found here: http://pastebin.ca/3733209 The commenter reports that the Proof of Concept can be built with the following command: gcc -o killer killer.c `pkg-config --cflags --libs gtk+-2.0` [Regression Potential] This fix has been uploaded to Artful and has passed to artful-release, causing no installability problems or autopkgtest regressions. As for the fix itself, there was already a regression spotted, but the patch fixing that regression has been spotted and also fixed in this upload. Since it is putting a limit on the list's size, although this is highly unlikely at this point in time, epgfm on the GitHub issue points out the following: "... However, the incoming fix set a large number of items (1000) as a hard limit. ... Does an application really needs to store 1K recent files? I think even the badassest screen you can possibly buy now wouldn't have enough vertical space to display them all." Should there be the unlikely event that a program needs to use that many recent files, the program will have some issues, but that is a bug in the program that needs to use that many recent files, not GTK itself. tl;dr low regression potential, where there will be regressions is excessively large GTK programs, but that is a bug in the program itself for taking up that much space, not GTK. [Original Description] https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Hello Łukasz! I have updated the bug report to follow the SRU documentation (apologies, I spaced filling out the bug report). ** Description changed: + [Impact] + + Without these fixes, a specially crafted GTK program can cause a Denial + of Service attack on any machine with open GTK programs. + + [Test Case] + + In the GitHub issue against mate-panel, an individual with the GitHub + username clbr wrote a Proof of Concept that can be used to demonstrate + that this bug is affecting the system, and this is found here: + http://pastebin.ca/3733209 + + The commenter reports that the Proof of Concept can be built with the following command: + gcc -o killer killer.c `pkg-config --cflags --libs gtk+-2.0` + + [Regression Potential] + + This fix has been uploaded to Artful and has passed to artful-release, + causing no installability problems or autopkgtest regressions. + + As for the fix itself, there was already a regression spotted, but the + patch fixing that regression has been spotted and also fixed in this + upload. Since it is putting a limit on the list's size, although this is + highly unlikely at this point in time, epgfm on the GitHub issue points + out the following: + + "... + + However, the incoming fix set a large number of items (1000) as a hard + limit. + + ... + + Does an application really needs to store 1K recent files? I think even + the badassest screen you can possibly buy now wouldn't have enough + vertical space to display them all." + + Should there be the unlikely event that a program needs to use that many + recent files, the program will have some issues, but that is a bug in + the program that needs to use that many recent files, not GTK itself. + + tl;dr low regression potential, where there will be regressions is + excessively large GTK programs, but that is a bug in the program itself + for taking up that much space, not GTK. + + [Original Description] + https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Xenial: In Progress Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: In Progress Status in gtk+2.0 source package in Artful: Fix Released Bug description: [Impact] Without these fixes, a specially crafted GTK program can cause a Denial of Service attack on any machine with open GTK programs. [Test Case] In the GitHub issue against mate-panel, an individual with the GitHub username clbr wrote a Proof of Concept that can be used to demonstrate that this bug is affecting the system, and this is found here: http://pastebin.ca/3733209 The commenter reports that the Proof of Concept can be built with the following command: gcc -o killer killer.c `pkg-config --cflags --libs gtk+-2.0` [Regression Potential] This fix has been uploaded to Artful and has passed to artful-release, causing no installability problems or autopkgtest regressions. As for the fix itself, there was already a regression spotted, but the patch fixing that regression has been spotted and also fixed in this upload. Since it is putting a limit on the list's size, although this is highly unlikely at this point in time, epgfm on the GitHub issue points out the following: "... However, the incoming fix set a large number of items (1000) as a hard limit. ... Does an application really needs to store 1K recent files? I think even the badassest screen you can possibly buy now wouldn't have enough vertical space to display them all." Should there be the unlikely event that a program needs to use that many recent files, the program will have some issues, but that is a bug in the program that needs to use that many recent files, not GTK itself. tl;dr low regression potential, where there will be regressions is excessively large GTK programs, but that is a bug in the program itself for taking up that much space, not GTK. [Original Description] https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from t
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Hello! Thank you for preparing and uploading the fix for our stable releases. For us to be able to properly review your SRU we would need some more information included in this bug. Please update the bug description to include the SRU template as found here: https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template We need to know what impact this bug has (how much the fixes better the current situation?), a reliable test case and a quick analysis of possible regression scenarios after the fix has been applied (looking at the changes and thinking: what could possibly go wrong in the worst scenario?). Thank you! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Xenial: In Progress Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: In Progress Status in gtk+2.0 source package in Artful: Fix Released Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
This bug was fixed in the package gtk+2.0 - 2.24.31-1ubuntu2 --- gtk+2.0 (2.24.31-1ubuntu2) artful; urgency=medium * Add debian/patches/lp1641912-add-limit-to-list-size.patch, which fixes a DOS allowing any application to cause all GTK applications to use an arbitrary amount of memory (LP: #1641912). -- Simon Quigley Thu, 20 Jul 2017 16:52:59 -0500 ** Changed in: gtk+2.0 (Ubuntu Artful) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Xenial: In Progress Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: In Progress Status in gtk+2.0 source package in Artful: Fix Released Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
** Changed in: gtk+2.0 (Ubuntu Zesty) Assignee: (unassigned) => Simon Quigley (tsimonq2) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: In Progress Status in gtk+2.0 source package in Xenial: In Progress Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: In Progress Status in gtk+2.0 source package in Artful: In Progress Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
** Also affects: gtk+2.0 (Ubuntu Artful) Importance: Critical Assignee: Simon Quigley (tsimonq2) Status: In Progress ** Also affects: gtk+2.0 (Ubuntu Zesty) Importance: Undecided Status: New ** Changed in: gtk+2.0 (Ubuntu Zesty) Status: New => In Progress ** Changed in: gtk+2.0 (Ubuntu Zesty) Importance: Undecided => Critical -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: In Progress Status in gtk+2.0 source package in Xenial: In Progress Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: In Progress Status in gtk+2.0 source package in Artful: In Progress Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Attached is a debdiff for Artful applicable to 2.24.31-1ubuntu1. ** Patch added: "1-2.24.31-1ubuntu2.debdiff" https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1641912/+attachment/4918517/+files/1-2.24.31-1ubuntu2.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: In Progress Status in gtk+2.0 source package in Xenial: In Progress Status in gtk+2.0 source package in Yakkety: Won't Fix Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Attached is a debdiff for Zesty applicable to 2.24.31-1ubuntu1. ** Patch added: "1-2.24.31-1ubuntu1.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1641912/+attachment/4918516/+files/1-2.24.31-1ubuntu1.1.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: In Progress Status in gtk+2.0 source package in Xenial: In Progress Status in gtk+2.0 source package in Yakkety: Won't Fix Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Attached is a debdiff for Xenial applicable to 2.24.30-1ubuntu1.16.04.1. ** Patch added: "1-2.24.30-1ubuntu1.16.04.2.debdiff" https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1641912/+attachment/4918508/+files/1-2.24.30-1ubuntu1.16.04.2.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: In Progress Status in gtk+2.0 source package in Xenial: In Progress Status in gtk+2.0 source package in Yakkety: Won't Fix Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
** Changed in: gtk+2.0 (Ubuntu Xenial) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: gtk+2.0 (Ubuntu Xenial) Status: Confirmed => In Progress ** Changed in: gtk+2.0 (Ubuntu) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: gtk+2.0 (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: In Progress Status in gtk+2.0 source package in Xenial: In Progress Status in gtk+2.0 source package in Yakkety: Won't Fix Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Yakkety 16.10 goes EOL this month. ** Changed in: gtk+2.0 (Ubuntu Yakkety) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Confirmed Status in gtk+2.0 source package in Xenial: Confirmed Status in gtk+2.0 source package in Yakkety: Won't Fix Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
** Changed in: gtk+2.0 (Ubuntu) Importance: Undecided => Critical ** Changed in: gtk+2.0 (Ubuntu Xenial) Importance: Undecided => Critical ** Changed in: gtk+2.0 (Ubuntu Yakkety) Importance: Undecided => Critical ** Changed in: gtk+2.0 (Ubuntu) Importance: Critical => High ** Changed in: gtk+2.0 (Ubuntu Xenial) Importance: Critical => High ** Changed in: gtk+2.0 (Ubuntu Xenial) Importance: High => Critical ** Changed in: gtk+2.0 (Ubuntu) Importance: High => Critical -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Confirmed Status in gtk+2.0 source package in Xenial: Confirmed Status in gtk+2.0 source package in Yakkety: Confirmed Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
** Changed in: gtk Status: Unknown => Fix Released ** Changed in: gtk Importance: Unknown => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Confirmed Status in gtk+2.0 source package in Xenial: Confirmed Status in gtk+2.0 source package in Yakkety: Confirmed Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
** Bug watch added: GNOME Bug Tracker #773587 https://bugzilla.gnome.org/show_bug.cgi?id=773587 ** Also affects: gtk via https://bugzilla.gnome.org/show_bug.cgi?id=773587 Importance: Unknown Status: Unknown ** Description changed: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 + + For the GTK3 version of this bug, see bug 1641914 + Note that MATE is GTK2 only for Ubuntu 16.04 LTS. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Unknown Status in gtk+2.0 package in Ubuntu: Confirmed Status in gtk+2.0 source package in Xenial: Confirmed Status in gtk+2.0 source package in Yakkety: Confirmed Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
** Tags added: xenial yakkety zesty ** Also affects: gtk+2.0 (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: gtk+2.0 (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Unknown Status in gtk+2.0 package in Ubuntu: Confirmed Status in gtk+2.0 source package in Xenial: Confirmed Status in gtk+2.0 source package in Yakkety: Confirmed Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: gtk+2.0 (Ubuntu Xenial) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Unknown Status in gtk+2.0 package in Ubuntu: Confirmed Status in gtk+2.0 source package in Xenial: Confirmed Status in gtk+2.0 source package in Yakkety: Confirmed Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: gtk+2.0 (Ubuntu Yakkety) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Unknown Status in gtk+2.0 package in Ubuntu: Confirmed Status in gtk+2.0 source package in Xenial: Confirmed Status in gtk+2.0 source package in Yakkety: Confirmed Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641912] Re: Please backport two recent-manager patches
** Changed in: gtk+2.0 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in gtk+2.0 package in Ubuntu: Confirmed Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1641912/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp