Module Name:	pkgsrc
Committed By:	snj
Date:		Sun Nov 27 21:14:26 UTC 2005

Modified Files:
	pkgsrc/graphics/gdk-pixbuf [pkgsrc-2005Q3]: Makefile distinfo
Added Files:
	pkgsrc/graphics/gdk-pixbuf/patches [pkgsrc-2005Q3]: patch-am

Log Message:
Pullup ticket 925 - requested by Lubomir Sedlacik
security fix for gdk-pixbuf

Revisions pulled up:
- pkgsrc/graphics/gdk-pixbuf/Makefile		1.32
- pkgsrc/graphics/gdk-pixbuf/distinfo		1.19
- pkgsrc/graphics/gdk-pixbuf/patches/patch-am	1.1

   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Sat Nov 26 09:40:50 UTC 2005

   Modified Files:
           pkgsrc/graphics/gdk-pixbuf: Makefile distinfo
   Added Files:
           pkgsrc/graphics/gdk-pixbuf/patches: patch-am

   Log Message:
   Security fixes for CVE-2005-2975, CVE-2005-2976 and CVE-2005-3186:

   "io-xpm.c in the gdk-pixbuf XPM image rendering library allows attackers
   to cause a denial of service (infinite loop) via a crafted XPM image
   with a large number of colors."

   "Integer overflow in io-xpm.c in gdk-pixbuf allows attackers to cause a
   denial of service (crash) or execute arbitrary code via an XPM file with
   large height, width, and colour values, a different vulnerability than
   CVE-2005-3186."

   "Integer overflow in the gdk-pixbuf XPM image rendering library allows
   attackers to execute arbitrary code via an XPM file with a number of
   colors that causes insufficient memory to be allocated, which leads to
   a heap-based buffer overflow."

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186


To generate a diff of this commit:
cvs rdiff -r1.31 -r1.31.4.1 pkgsrc/graphics/gdk-pixbuf/Makefile
cvs rdiff -r1.18 -r1.18.2.1 pkgsrc/graphics/gdk-pixbuf/distinfo
cvs rdiff -r0 -r1.1.2.1 pkgsrc/graphics/gdk-pixbuf/patches/patch-am

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.