Subject: CVS commit: pkgsrc/graphics/gdk-pixbuf
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 11/26/2005 09:40:50
Module Name: pkgsrc
Committed By: salo
Date: Sat Nov 26 09:40:50 UTC 2005
Modified Files:
pkgsrc/graphics/gdk-pixbuf: Makefile distinfo
Added Files:
pkgsrc/graphics/gdk-pixbuf/patches: patch-am
Log Message:
Security fixes for CVE-2005-2975, CVE-2005-2976 and CVE-2005-3186:
"io-xpm.c in the gdk-pixbuf XPM image rendering library allows attackers
to cause a denial of service (infinite loop) via a crafted XPM image
with a large number of colors."
"Integer overflow in io-xpm.c in gdk-pixbuf allows attackers to cause a
denial of service (crash) or execute arbitrary code via an XPM file with
large height, width, and colour values, a different vulnerability than
CVE-2005-3186."
"Integer overflow in the gdk-pixbuf XPM image rendering library allows
attackers to execute arbitrary code via an XPM file with a number of
colors that causes insufficient memory to be allocated, which leads to
a heap-based buffer overflow."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186
To generate a diff of this commit:
cvs rdiff -r1.31 -r1.32 pkgsrc/graphics/gdk-pixbuf/Makefile
cvs rdiff -r1.18 -r1.19 pkgsrc/graphics/gdk-pixbuf/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/graphics/gdk-pixbuf/patches/patch-am
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.