Bug#303141: marked as done (CAN-2005-0891: Palette-less BMPs can cause double free() DoS)

Debian Bug Tracking System owner@bugs.debian.org
Tue, 05 Apr 2005 17:18:09 -0700


Your message dated Tue, 05 Apr 2005 19:47:23 -0400
with message-id <E1DIxlT-0003G5-00@newraff.debian.org>
and subject line Bug#303141: fixed in gtk+2.0 2.6.4-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Apr 2005 01:15:40 +0000
From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-0891: Palette-less BMPs can cause double free() DoS
X-Mailer: reportbug 3.9
Date: Tue, 05 Apr 2005 00:10:01 +0200
X-Debbugs-Cc: security@debian.org
Message-Id: <E1DIZlh-000325-QM@localhost.localdomain>

Package: gtk+2.0
Severity: important
Tags: security

[ Dear security team: You can test whether Woody is affected by loading this
  image into gqview; if it causes a lockup it's affected as well:
  http://bugzilla.gnome.org/attachment.cgi?id=39270&action=view ]

Attackers can cause DoS against applications using GTK through BMP images
without palette information, which will lead to a double free().

See http://bugzilla.gnome.org/show_bug.cgi?id=171707
for full details and a patch.

Please refer to CAN-2005-0891 when fixing this.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

---------------------------------------
Received: (at 303141-close) by bugs.debian.org; 6 Apr 2005 00:01:36 +0000
From: Sebastien Bacher <seb128@debian.org>
To: 303141-close@bugs.debian.org
X-Katie: $Revision: 1.55 $
Subject: Bug#303141: fixed in gtk+2.0 2.6.4-1
Message-Id: <E1DIxlT-0003G5-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Tue, 05 Apr 2005 19:47:23 -0400

Source: gtk+2.0
Source-Version: 2.6.4-1

We believe that the bug you reported is fixed in the latest version of
gtk+2.0, which is due to be installed in the Debian FTP archive:

gtk+2.0_2.6.4-1.diff.gz
  to pool/main/g/gtk+2.0/gtk+2.0_2.6.4-1.diff.gz
gtk+2.0_2.6.4-1.dsc
  to pool/main/g/gtk+2.0/gtk+2.0_2.6.4-1.dsc
gtk+2.0_2.6.4.orig.tar.gz
  to pool/main/g/gtk+2.0/gtk+2.0_2.6.4.orig.tar.gz
gtk2-engines-pixbuf_2.6.4-1_i386.deb
  to pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-1_i386.deb
gtk2.0-examples_2.6.4-1_i386.deb
  to pool/main/g/gtk+2.0/gtk2.0-examples_2.6.4-1_i386.deb
libgtk2.0-0-dbg_2.6.4-1_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-1_i386.deb
libgtk2.0-0_2.6.4-1_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-0_2.6.4-1_i386.deb
libgtk2.0-bin_2.6.4-1_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-1_i386.deb
libgtk2.0-common_2.6.4-1_all.deb
  to pool/main/g/gtk+2.0/libgtk2.0-common_2.6.4-1_all.deb
libgtk2.0-dev_2.6.4-1_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-1_i386.deb
libgtk2.0-doc_2.6.4-1_all.deb
  to pool/main/g/gtk+2.0/libgtk2.0-doc_2.6.4-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 303141@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Bacher <seb128@debian.org> (supplier of updated gtk+2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  5 Apr 2005 21:09:01 +0200
Source: gtk+2.0
Binary: libgtk2.0-dev libgtk2.0-0-dbg gtk2-engines-pixbuf libgtk2.0-0 libgtk2.0-doc gtk2.0-examples libgtk2.0-bin libgtk2.0-common
Architecture: source i386 all
Version: 2.6.4-1
Distribution: unstable
Urgency: medium
Maintainer: Sebastien Bacher <seb128@debian.org>
Changed-By: Sebastien Bacher <seb128@debian.org>
Description: 
 gtk2-engines-pixbuf - Pixbuf-based theme for GTK+ 2.x
 gtk2.0-examples - Examples files for the GTK+ 2.0
 libgtk2.0-0 - The GTK+ graphical user interface library
 libgtk2.0-0-dbg - The GTK+ libraries and debugging symbols
 libgtk2.0-bin - The programs for the GTK+ graphical user interface library
 libgtk2.0-common - Common files for the GTK+ graphical user interface library
 libgtk2.0-dev - Development files for the GTK+ library
 libgtk2.0-doc - Documentation for the GTK+ graphical user interface library
Closes: 303141
Changes: 
 gtk+2.0 (2.6.4-1) unstable; urgency=medium
 .
   * New upstream release.
   * debian/patches/004_fs_newdir.patch:
     - fix a crash in the fileselector when creating a directory.
   * debian/patches/003_iconcache.patch:
     - this bug is fixed in the new version.
   * debian/patches/004_mipsbuild.patch:
     - dropped, this change is not required.
   * debian/patches/002_bmp.patch:
     - fix CAN-2005-0891: BMP double free DoS (Closes: #303141).
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCUw6WQxo87aLX0pIRAiatAKDUhKekACE3t2ShsqqWlUxhz3plPgCeMoBw
dLvoUDBHq26VX18xDVkht5I=
=PWp7
-----END PGP SIGNATURE-----