Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

Moritz Muehlenhoff jmm at inutil.org
Wed Nov 16 14:20:13 UTC 2005


Loic Minier wrote:
>  The Redhat security advisory also fixes CVE-2005-2975, for which I see
>  no entry in the Debian changelog, could you please investigate on this
>  id and report whether gtk1 and gtk2 are affected for Debian?

The vulnerability matrix for Woody and Sarge (the entries are the line
numbers in io-xpm.c, where the vulnerable code is present):


               Woody gtk2   Woody gdk-pixbuf   Sarge gtk2   Sarge gdk-pixbuf
CVE-2005-2975    1170         284                1170         284
CVE-2005-2976    1317         413                ----         413
CVE-2005-3186    1255         359                1256         359

Cheers,
        Moritz




