BLAG

BLAG Forums
Posted: Wed Sep 15, 2004 7:46 pm
Author: Site Admin
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-289
2004-09-15
---------------------------------------------------------------------

Product : Fedora Core 2
Name : gtk2
Version : 2.4.7
Release : 2.4
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.

---------------------------------------------------------------------
Update Information:

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was discovered in the BMP image processor of gtk2. An attacker could
create a carefully crafted BMP file which would cause an application to
enter an infinite loop and not respond to user input when the file was
opened by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.

During a security audit Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully
crafted XPM file which could cause an application linked with gtk2 to
crash or possibly execute arbitrary code when the file was opened by a
victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which
could cause an application linked with gtk2 to crash when the file was
opened by a victim. (CAN-2004-0788)

---------------------------------------------------------------------
* Tue Sep 07 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.7-2.4

- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)

* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 2.4.7-2.2

- Fix problem with infinite loop on bad BMP data (#130450,
  test BMP from Chris Evans, fix from Manish Singh)

* Sat Aug 14 2004 Matthias Clasen <mclasen@redhat.com> 2.4.7-1

- update to 2.4.7

* Fri Aug 13 2004 Matthias Clasen <mclasen@redhat.com> 2.4.6-1

- update to 2.4.6
- call libtoolize --force to win .so's back...

* Fri Jul 30 2004 Jonathan Blandford <jrb@redhat.com> 2.4.4-4

- add typeahead patch to GtkTreeView
- automake-1.9

* Tue Jul 27 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-3

- Use -64 suffix on powerpc64. (#128605)

* Fri Jul 16 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-2

- Fix permissions of gdk-pixbuf-csource script.
- Escape macros in %changelog

* Fri Jul 09 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-1

- Update to 2.4.4

* Thu Jul 08 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-5

- Look for the gtk.immodules file in the right location. (#127073)

* Thu Jul 08 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-4

- Add a wrapper for gdk-pixbuf-csource.

* Wed Jun 23 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-3

- Don't install testgtk and testtext
- Rename binaries to -32/-64 (#124478)
- Move arch-dependent config files to /etc/gtk-2.0/$host (#124482)
- Add wrappers for updating the arch-dependent config files

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Thu May 20 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-1

- Upgrade to 2.4.1


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/f ... updates/2/



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-287
2004-09-15
---------------------------------------------------------------------

Product : Fedora Core 2
Name : gdk-pixbuf
Version : 0.22.0
Release : 11.2.3
Summary : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.

---------------------------------------------------------------------
Update Information:

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was discovered in the BMP image processor of gdk-pixbuf. An attacker
could create a carefully crafted BMP file which would cause an
application to enter an infinite loop and not respond to user input when
the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to
this issue.

During a security audit, Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully
crafted XPM file which could cause an application linked with gtk2 to
crash or possibly execute arbitrary code when the file was opened by a
victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which
could cause an application linked with gtk2 to crash when the file is
opened by a victim. (CAN-2004-0788)

---------------------------------------------------------------------
* Tue Sep 07 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.2.3

- Rebuild for FC2

* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.2.2

- Rebuild for FC1

* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.1.3

- Rebuild for RHEL3

* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.1.2E

- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)

* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 1:0.22.0-10.0.2E

- Fix problem with infinite loop on bad BMP data (#130455,
  test BMP from Chris Evans, fix from Manish Singh)

* Sun Aug 15 2004 Tim Waugh <twaugh@redhat.com> 1:0.22.0-9

- Fixed underquoted m4 definition.

* Mon Jun 21 2004 Matthias Clasen <mclasen@redhat.com>

- Make build

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Fri Mar 05 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.3

- Include /usr/lib/*.la for AS2.1

* Fri Mar 05 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.2E

- Add some additional defines to work with 2.1AS

* Thu Mar 04 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.1.1

- Bump and rebuild

* Thu Mar 04 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.1.0

- Redo package to build without libtool-1.5 patch

* Wed Mar 03 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.0

- Add a couple of bug-fixes backported from GTK+-2.x


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/f ... updates/2/



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-288
2004-09-15
---------------------------------------------------------------------

Product : Fedora Core 1
Name : gtk2
Version : 2.2.4
Release : 10
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.

---------------------------------------------------------------------
Update Information:

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was discovered in the BMP image processor of gtk2. An attacker could
create a carefully crafted BMP file which would cause an application to
enter an infinite loop and not respond to user input when the file was
opened by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.

During a security audit Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully
crafted XPM file which could cause an application linked with gtk2 to
crash or possibly execute arbitrary code when the file was opened by a
victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which
could cause an application linked with gtk2 to crash when the file was
opened by a victim. (CAN-2004-0788)

---------------------------------------------------------------------
* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 2.2.4-10

- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)

* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 2.2.4-7.1

- Fix problem with infinite loop on bad BMP data (#130450,
  test BMP from Chris Evans, fix from Manish Singh)


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/f ... updates/1/



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-286
2004-09-15
---------------------------------------------------------------------

Product : Fedora Core 1
Name : gdk-pixbuf
Version : 0.22.0
Release : 11.2.2
Summary : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.

---------------------------------------------------------------------
Update Information:

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was discovered in the BMP image processor of gdk-pixbuf. An attacker
could create a carefully crafted BMP file which would cause an
application to enter an infinite loop and not respond to user input when
the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to
this issue.

During a security audit, Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully
crafted XPM file which could cause an application linked with gtk2 to
crash or possibly execute arbitrary code when the file was opened by a
victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which
could cause an application linked with gtk2 to crash when the file is
opened by a victim. (CAN-2004-0788)

---------------------------------------------------------------------
* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.2.2

- Rebuild for FC1

* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.1.3

- Rebuild for RHEL3

* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.1.2E

- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)

* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 1:0.22.0-10.0.2E

- Fix problem with infinite loop on bad BMP data (#130455,
  test BMP from Chris Evans, fix from Manish Singh)

* Sun Aug 15 2004 Tim Waugh <twaugh@redhat.com> 1:0.22.0-9

- Fixed underquoted m4 definition.

* Mon Jun 21 2004 Matthias Clasen <mclasen@redhat.com>

- Make build

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Fri Mar 05 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.3

- Include /usr/lib/*.la for AS2.1

* Fri Mar 05 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.2E

- Add some additional defines to work with 2.1AS

* Thu Mar 04 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.1.1

- Bump and rebuild

* Thu Mar 04 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.1.0

- Redo package to build without libtool-1.5 patch

* Wed Mar 03 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.0

- Add a couple of bug-fixes backported from GTK+-2.x

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Thu Aug 28 2003 Owen Taylor <otaylor@redhat.com> 1:0.22.0-4.0

- Rebuild for RHEL


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/f ... updates/1/

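
An added example, not part of the original advisories or of Fedora's own tooling: a check that flags hosts still running a gtk2 or gdk-pixbuf build older than the fixed releases named above. The function names, the FIXED table layout and the sample query output are assumptions made for illustration; the input is expected in the form printed by rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n' gtk2 gdk-pixbuf.

```python
import re

# Fixed builds from the four advisories on this page:
# (product, package) -> (epoch, version, release).
# Epoch 1 for gdk-pixbuf comes from its changelog ("1:0.22.0-..."); gtk2 has none.
FIXED = {
    ("Fedora Core 2", "gtk2"): (0, "2.4.7", "2.4"),
    ("Fedora Core 2", "gdk-pixbuf"): (1, "0.22.0", "11.2.3"),
    ("Fedora Core 1", "gtk2"): (0, "2.2.4", "10"),
    ("Fedora Core 1", "gdk-pixbuf"): (1, "0.22.0", "11.2.2"),
}

def vercmp(a, b):
    """Simplified RPM-style segment comparison (no '~' or '^' handling)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments are newer

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples: epoch first, then version, release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return vercmp(a[1], b[1]) or vercmp(a[2], b[2])

def parse_line(line):
    """Parse 'name epoch:version-release'; rpm prints '(none)' for a missing epoch."""
    name, evr = line.split()
    epoch, vr = evr.split(":", 1)
    version, release = vr.rsplit("-", 1)
    return name, (0 if epoch == "(none)" else int(epoch), version, release)

def audit(product, query_output):
    """Return names of installed packages older than the fixed build for product."""
    findings = []
    for line in query_output.strip().splitlines():
        name, evr = parse_line(line)
        fixed = FIXED.get((product, name))
        if fixed and evr_cmp(evr, fixed) < 0:
            findings.append(name)
    return findings

# Constructed sample: gtk2 at 2.4.7-2.2 has the BMP fix but not the XPM/ICO fixes.
SAMPLE_FC2 = "gtk2 (none):2.4.7-2.2\ngdk-pixbuf 1:0.22.0-11.2.3\n"
print(audit("Fedora Core 2", SAMPLE_FC2))
```
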

