Bug#700308: src:pixman: CVE-2013-1591

To: Helmut Grohne <helmut@subdivi.de>, 700308@bugs.debian.org
Subject: Bug#700308: src:pixman: CVE-2013-1591
From: Julien Cristau <julien.cristau@logilab.fr>
Date: Mon, 11 Feb 2013 19:55:05 +0100
Message-id: <[🔎] 20130211185503.GA29128@crater2.logilab.fr>
Reply-to: Julien Cristau <julien.cristau@logilab.fr>, 700308@bugs.debian.org
In-reply-to: <[🔎] 20130211134015.GA9630@alf.mars>
References: <[🔎] 20130211134015.GA9630@alf.mars>

On Mon, Feb 11, 2013 at 14:40:21 +0100, Helmut Grohne wrote:

> Package: src:pixman
> Severity: grave
> Tags: security
> 
> The pixman library may be affected by CVE-2013-1591.
> 
> | Stack-based buffer overflow in libpixman, as used in Pale Moon before
> | 15.4, has unspecified impact and attack vectors.
> 
> The only references I could find so far were:
> 
> http://www.palemoon.org/releasenotes-ng.shtml
> http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1591.html
> 
> Please investigate which pixman versions (if any) are affected by this
> issue and update version information for this bug report.
> 
15:31 < mdeslaur> jcristau: this seems to be the only difference in pale
moon: http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f

haven't had a chance to look when that was introduced yet, that may have
to wait a couple days.

Cheers,
Julien

Reply to:

References:
- Bug#700308: src:pixman: CVE-2013-1591
  - From: Helmut Grohne <helmut@subdivi.de>

Prev by Date: Bug#691699: libxkbcommon: upgrade to 0.2.0
Next by Date: mesa: Changes to 'debian-experimental'
Previous by thread: Bug#700308: src:pixman: CVE-2013-1591
Next by thread: Bug#700308: marked as done (src:pixman: CVE-2013-1591)
Index(es):
- Date
- Thread