--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: wheezy-pu: package gtk+3.0/3.4.2-7+deb7u1
- From: Guido Günther <agx@sigxcpu.org>
- Date: Sun, 27 Mar 2016 17:15:26 +0200
- Message-id: <20160327151526.GA25384@bogon.m.sigxcpu.org>
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
I'd like to upate gtk+3.0 in wheezy to fix CVE-2013-7447.patch with the
attached debiff. Wheezy is currnelty the only unfixed gtk+3.0 version.
Cheers,
-- Guido
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 999a883..37c3d67 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+gtk+3.0 (3.4.2-7+deb7u1) oldstable-proposed-updates; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2013-7447.patch: Avoid integer overflow when allocating a large block
+ of memory in gdk_cairo_set_source_pixbuf (Closes: #818090)
+
+ -- Guido Günther <agx@sigxcpu.org> Sun, 13 Mar 2016 16:22:28 +0100
+
gtk+3.0 (3.4.2-7) stable; urgency=low
[ Raphaël Geissert ]
diff --git a/debian/patches/CVE-2013-7447.patch b/debian/patches/CVE-2013-7447.patch
new file mode 100644
index 0000000..cb851a2
--- /dev/null
+++ b/debian/patches/CVE-2013-7447.patch
@@ -0,0 +1,24 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Sun, 13 Mar 2016 15:38:37 +0100
+Subject: CVE-2013-7447
+
+Cherry-pick of upstream commit
+
+https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
+---
+ gdk/gdkcairo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c
+index 19bed04..2e1d8dc 100644
+--- a/gdk/gdkcairo.c
++++ b/gdk/gdkcairo.c
+@@ -213,7 +213,7 @@ gdk_cairo_set_source_pixbuf (cairo_t *cr,
+ format = CAIRO_FORMAT_ARGB32;
+
+ cairo_stride = cairo_format_stride_for_width (format, width);
+- cairo_pixels = g_malloc (height * cairo_stride);
++ cairo_pixels = g_malloc_n (height, cairo_stride);
+ surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+ format,
+ width, height, cairo_stride);
diff --git a/debian/patches/series b/debian/patches/series
index e9942cf..866e6e9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,4 @@
074_try-harder-to-discriminate-Shift-F10-and-F10.patch
075_gtkplug-fix-handling-of-key-events-for-layouts.patch
076_check_wm_supports_hint.patch
+CVE-2013-7447.patch
--- End Message ---