
Re: [SECURITY] [DSA 3337-1] gdk-pixbuf security update

Hi Moritz,

On 18.08.2015 at 15:37, Moritz Muehlenhoff wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3337-1                   security@debian.org
> https://www.debian.org/security/                       Moritz Muehlenhoff
> August 18, 2015                       https://www.debian.org/security/faq
> -------------------------------------------------------------------------
> Package        : gdk-pixbuf
> CVE ID         : CVE-2015-4491
>
> Gustavo Grieco discovered a heap overflow in the processing of BMP images
> which may result in the execution of arbitrary code if a malformed image
> is opened.
>
> For the oldstable distribution (wheezy), this problem has been fixed
> in version 2.26.1-1+deb7u1.
>
> For the stable distribution (jessie), this problem has been fixed in
> version 2.31.1-2+deb8u2.

Thanks for taking care of this.
From a cursory glance, the patch in 2.31.1-2+deb8u2 seems to be
incomplete and is missing the follow-up commit [1].

I'll update the package in unstable. Would be great if you can handle
the stable upload.


Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
