diff options
author | Martin Schulze <joey> | 2005-12-01 06:50:07 +0000 |
---|---|---|
committer | Martin Schulze <joey> | 2005-12-01 06:50:07 +0000 |
commit | d82a5f2bd5b15c674129782846da3116a25637e6 (patch) | |
tree | 449f096bb2def4e18b5998647a470c5360bd33f2 | |
parent | 3162b4228e0bde8ddcd9dfd2db117c8891d89998 (diff) |
[DSA 913-1] New gdk-pixbuf packages fix several vulnerabilities
CVS version numbers
english/security/2005/dsa-913.data: INITIAL -> 1.1
english/security/2005/dsa-913.wml: INITIAL -> 1.1
-rw-r--r-- | english/security/2005/dsa-913.data | 195 | ||||
-rw-r--r-- | english/security/2005/dsa-913.wml | 59 |
2 files changed, 254 insertions, 0 deletions
diff --git a/english/security/2005/dsa-913.data b/english/security/2005/dsa-913.data new file mode 100644 index 00000000000..35ca8b8cf41 --- /dev/null +++ b/english/security/2005/dsa-913.data @@ -0,0 +1,195 @@ +<define-tag pagetitle>DSA-913-1 gdk-pixbuf</define-tag> +<define-tag report_date>2005-12-1</define-tag> +<define-tag secrefs>CVE-2005-2975 CVE-2005-2976 CVE-2005-3186 BID15428 Bug#339431</define-tag> +<define-tag packages>gdk-pixbuf</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> + +#use wml::debian::security + +<h3>Debian GNU/Linux 3.0 (woody)</h3> + +<dl> + +<dt><source /> + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody3.dsc /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody3.diff.gz /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0.orig.tar.gz /> + +<dt>Alpha: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_alpha.deb /> + +<dt>ARM: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_arm.deb /> + +<dt>Intel IA-32: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_i386.deb /> + +<dt>Intel IA-64: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_ia64.deb /> + +<dt>HPPA: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_hppa.deb /> + +<dt>Motorola 680x0: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_m68k.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_m68k.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_m68k.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_m68k.deb /> + +<dt>Big endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_mips.deb /> + +<dt>Little endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_mipsel.deb /> + +<dt>PowerPC: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_powerpc.deb /> + +<dt>IBM S/390: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_s390.deb /> + +<dt>Sun Sparc: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_sparc.deb /> + +</dl> + +<h3>Debian GNU/Linux 3.1 (sarge)</h3> + +<dl> + +<dt><source /> + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-8.1.dsc /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-8.1.diff.gz /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0.orig.tar.gz /> + +<dt>Alpha: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_alpha.deb /> + +<dt>AMD64: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_amd64.deb /> + +<dt>ARM: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_arm.deb /> + +<dt>Intel IA-32: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_i386.deb /> + +<dt>Intel IA-64: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_ia64.deb /> + +<dt>HPPA: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_hppa.deb /> + +<dt>Motorola 680x0: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_m68k.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_m68k.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_m68k.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_m68k.deb /> + +<dt>Big endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_mips.deb /> + +<dt>Little endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_mipsel.deb /> + +<dt>PowerPC: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_powerpc.deb /> + +<dt>IBM S/390: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_s390.deb /> + +<dt>Sun Sparc: + + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_sparc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_sparc.deb /> + +</dl> + +<p><md5sums http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00314.html /></p> diff --git a/english/security/2005/dsa-913.wml b/english/security/2005/dsa-913.wml new file mode 100644 index 00000000000..c1888a33036 --- /dev/null +++ b/english/security/2005/dsa-913.wml @@ -0,0 +1,59 @@ +<define-tag description>several vulnerabilities</define-tag> +<define-tag moreinfo> +<p>Several vulnerabilities have been found in gdk-pixbuf, the Gtk+ +GdkPixBuf XPM image rendering library. The Common Vulnerabilities and +Exposures project identifies the following problems:</p> + +<ul> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975">CVE-2005-2975</a> + + <p>Ludwig Nussel discovered an infinite loop when processing XPM + images that allows an attacker to cause a denial of service via a + specially crafted XPM file.</p></li> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976">CVE-2005-2976</a> + + <p>Ludwig Nussel discovered an integer overflow in the way XPM images + are processed that could lead to the execution of arbitrary code + or crash the application via a specially crafted XPM file.</p></li> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186">CVE-2005-3186</a> + + <p>"infamous41md" discovered an integer in the XPM processing routine + that can be used to execute arbitrary code via a traditional heap + overflow.</p> + +<p>The following matrix explains which versions fix these problems:</p> + +<div class="centerdiv"> +<table cellspacing=0 cellpadding=2> + <tr> + <th> </th> + <th>old stable (woody)</th> + <th>stable (sarge)</th> + <th>unstable (sid)</th> + </tr> + <tr> + <td>gdk-pixbuf</td> + <td>0.17.0-2woody3</td> + <td>0.22.0-8.1</td> + <td>0.22.0-11</td> + </tr> + <tr> + <td>gtk+2.0</td> + <td>2.0.2-5woody3</td> + <td>2.6.4-3.1</td> + <td>2.6.10-2</td> + </tr> + <tr> + </tr> +</table> +</div> + +<p>We recommend that you upgrade your gdk-pixbuf packages.</p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2005/dsa-913.data" +# $Id$ |