---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2073
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2073
2005-02-23
---------------------------------------------------------------------

Name        : gtk2
Versions    : rh7.3: gtk2-2.0.2-4.1.legacy.1
              rh9: gtk2-2.2.1-4.1.legacy.1
Summary     : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
The gtk+ package contains the GIMP ToolKit (GTK+), a library for
creating graphical user interfaces for the X Window System. GTK+ was
originally written for the GIMP (GNU Image Manipulation Program) image
processing program, but is now used by several other programs as well.

---------------------------------------------------------------------
Update Information:

Updated gtk2 packages that fix security issues are now available.

gtk2, the Gimp Toolkit, is a library for creating GUIs for X.

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was discovered in the BMP image processor of gtk2. An attacker could
create a carefully crafted BMP file which would cause an application to
enter an infinite loop and not respond to user input when the file was
opened by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.

During a security audit Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully
crafted XPM file which could cause an application linked with gtk2 to
crash or possibly execute arbitrary code when the file was opened by a
victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which
could cause an application linked with gtk2 to crash when the file was
opened by a victim. (CAN-2004-0788)

---------------------------------------------------------------------
Changelogs

rh73:
* Thu Feb 17 2005 Dominic Hargreaves <dom@xxxxxxxx> 2.0.2-4.1.legacy.1
- Add gettext, libtool, autoconf build dep

* Sun Sep 19 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.0.2-4.1.legacy
- Added security patch for CAN-2004-0782, CAN-2004-0783, CAN-2004-0788

rh9:
* Wed Feb 23 2005 Dominic Hargreaves <dom@xxxxxxxx> 2.2.1-4.1.legacy.1
- Fix build requirement for automake

* Sun Sep 19 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.2.1-4.1.legacy
- add security fixes for CAN-2004-0753, CAN-2004-0782, CAN-2004-0783,
  CAN-2004-0788

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
40a04f9de6f6c3c25ee15a275f15b5905c584cd5 redhat/7.3/updates-testing/SRPMS/gtk2-2.0.2-4.1.legacy.1.src.rpm
804021fcabd265dbf90eaf0ea5b5fa8e8e60a12b redhat/7.3/updates-testing/i386/gtk2-2.0.2-4.1.legacy.1.i386.rpm
3e1abc389122c5a5a76c4007d9c59584aabd0234 redhat/7.3/updates-testing/i386/gtk2-devel-2.0.2-4.1.legacy.1.i386.rpm

rh9:
0a6fd49149977d627fc14a8a4eebe4dfe69fcfd9 redhat/9/updates-testing/SRPMS/gtk2-2.2.1-4.1.legacy.1.src.rpm
eb8b595676024ccc5cb2f61eaeaa55e765cfa698 redhat/9/updates-testing/i386/gtk2-2.2.1-4.1.legacy.1.i386.rpm
b64b81500f5815becc4a264c640e91221f596d00 redhat/9/updates-testing/i386/gtk2-devel-2.2.1-4.1.legacy.1.i386.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
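
An added example, not part of the original notification: a POSIX shell function that checks downloaded packages against a manifest written in the same layout as the sha1sums list above (a release label such as "rh9:" on its own line, then "<sha1> <relative path>" entries). The function name verify_manifest, the local mirror directory argument and the demo file are assumptions made for illustration.

```sh
#!/bin/sh
# verify_manifest MANIFEST ROOT   (hypothetical helper, not a Fedora Legacy tool)
# MANIFEST holds "<40-hex sha1> <path relative to ROOT>" lines; label lines
# such as "rh7.3:" are skipped. Returns 0 only if every listed file matches.
verify_manifest() {
    manifest=$1; root=$2; rc=0
    while read -r want path || [ -n "$want" ]; do
        # Blank lines and release labels have no second field.
        [ -n "$path" ] || continue
        # Digest must be exactly 40 hex digits.
        case $want in
            *[!0-9a-fA-F]*) echo "BADLINE  $path"; rc=1; continue ;;
        esac
        if [ "${#want}" -ne 40 ]; then
            echo "BADLINE  $path"; rc=1; continue
        fi
        # Manifest paths must stay under ROOT: no absolute paths, no "..".
        case $path in
            /*|*..*) echo "BADPATH  $path"; rc=1; continue ;;
        esac
        if [ ! -f "$root/$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        got=$(sha1sum < "$root/$path" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"; rc=1
        fi
    done < "$manifest"
    return $rc
}

# Constructed demo: a stand-in file, not one of the real RPMs.
demo() {
    d=$(mktemp -d)
    f=redhat/9/updates-testing/i386/sample.rpm
    mkdir -p "$d/redhat/9/updates-testing/i386"
    printf 'constructed sample\n' > "$d/$f"
    h=$(sha1sum < "$d/$f" | cut -d' ' -f1)
    printf 'rh9:\n%s %s\n' "$h" "$f" > "$d/manifest.txt"
    verify_manifest "$d/manifest.txt" "$d"; status=$?
    rm -rf "$d"
    return $status
}
demo
```

A matching checksum only shows that the download equals what the manifest lists; the manifest itself has to come from a copy of the notification whose authenticity has been checked.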