-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 20 Nov 2005 17:41:24 +0100
Source: gtk+2.0
Binary: libgtk2.0-dev libgtk2.0-0-dbg gtk2-engines-pixbuf libgtk2.0-0 libgtk2.0-doc gtk2.0-examples libgtk2.0-bin libgtk2.0-common
Architecture: source i386 all
Version: 2.6.4-3.1
Distribution: stable-security
Urgency: high
Maintainer: Sebastien Bacher <seb128@debian.org>
Changed-By: Loic Minier <lool@dooz.org>
Description:
 gtk2-engines-pixbuf - Pixbuf-based theme for GTK+ 2.x
 gtk2.0-examples - Examples files for the GTK+ 2.0
 libgtk2.0-0 - The GTK+ graphical user interface library
 libgtk2.0-0-dbg - The GTK+ libraries and debugging symbols
 libgtk2.0-bin - The programs for the GTK+ graphical user interface library
 libgtk2.0-common - Common files for the GTK+ graphical user interface library
 libgtk2.0-dev - Development files for the GTK+ library
 libgtk2.0-doc - Documentation for the GTK+ graphical user interface library
Closes: 339431
Changes:
 gtk+2.0 (2.6.4-3.1) stable-security; urgency=high
 .
   * Non-maintainer upload targeted at stable-security.
   * SECURITY UPDATE: Arbitrary code execution and DoS.
     - Add debian/patches/010_xpm-colors-overflow_CVE-2005-3186.patch.
 .
       Addresses CVE-2005-3186: Integer overflow in the GTK+ gdk-pixbuf XPM
       image rendering library in GTK+ 2.4.0 allows attackers to execute
       arbitrary code via an XPM file with a number of colors that causes
       insufficient memory to be allocated, which leads to a heap-based
       buffer overflow.
 .
       io-xpm.c: Add check to XPM reader to prevent integer overflow for
       specially crafted number of colors.
 .
       Closes: #339431
     - Add debian/patches/011_xpm-colors-loop_CVE-2005-2975.patch.
 .
       Addresses CVE-2005-2975: The GTK+ gdk-pixbuf XPM image rendering
       library allows attackers to cause a denial of service (infinite loop)
       via a crafted XPM image.
 .
       io-xpm.c: Fix endless loop with specially crafted number of colors.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDgN+G4VUX8isJIMARAvJmAJ46HkpWu+7ZphdwsAXHu8P/umZjxwCeJnJw
K88iwqGF901wjmRGQUmCShE=
=zgx+
-----END PGP SIGNATURE-----

Accepted:
gtk+2.0_2.6.4-3.1.diff.gz
  to pool/main/g/gtk+2.0/gtk+2.0_2.6.4-3.1.diff.gz
gtk+2.0_2.6.4-3.1.dsc
  to pool/main/g/gtk+2.0/gtk+2.0_2.6.4-3.1.dsc
gtk2-engines-pixbuf_2.6.4-3.1_i386.deb
  to pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_i386.deb
gtk2.0-examples_2.6.4-3.1_i386.deb
  to pool/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_i386.deb
libgtk2.0-0-dbg_2.6.4-3.1_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_i386.deb
libgtk2.0-0_2.6.4-3.1_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_i386.deb
libgtk2.0-bin_2.6.4-3.1_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_i386.deb
libgtk2.0-common_2.6.4-3.1_all.deb
  to pool/main/g/gtk+2.0/libgtk2.0-common_2.6.4-3.1_all.deb
libgtk2.0-dev_2.6.4-3.1_i386.deb
  to pool/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_i386.deb
libgtk2.0-doc_2.6.4-3.1_all.deb
  to pool/main/g/gtk+2.0/libgtk2.0-doc_2.6.4-3.1_all.deb