Subject: CVS commit: pkgsrc/graphics/gdk-pixbuf
From: Lubomir Sedlacik
Date: 2005-11-26 10:40:50
Message id: 20051126094050.073E62DA27@cvs.netbsd.org
Log Message:
Security fixes for CVE-2005-2975, CVE-2005-2976 and CVE-2005-3186:

"io-xpm.c in the gdk-pixbuf XPM image rendering library allows attackers
to cause a denial of service (infinite loop) via a crafted XPM image
with a large number of colors."

"Integer overflow in io-xpm.c in gdk-pixbuf allows attackers to cause a
denial of service (crash) or execute arbitrary code via an XPM file with
large height, width, and colour values, a different vulnerability than
CVE-2005-3186."

"Integer overflow in the gdk-pixbuf XPM image rendering library allows
attackers to execute arbitrary code via an XPM file with a number of
colors that causes insufficient memory to be allocated, which leads to
a heap-based buffer overflow."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186
Files:
RevisionActionfile
1.32modifypkgsrc/graphics/gdk-pixbuf/Makefile
1.19modifypkgsrc/graphics/gdk-pixbuf/distinfo
1.1addpkgsrc/graphics/gdk-pixbuf/patches/patch-am