Comment 6 for bug 8129

Debian Bug Importer (debzilla) wrote :

Message-Id: <1095463954.27651.17.camel@seb128>
Date: Sat, 18 Sep 2004 01:32:34 +0200
From: Sebastien Bacher <email address hidden>
To: Joey Hess <email address hidden>, <email address hidden>
Subject: Re: Bug#272166: vulnerable to holes fixed by DSA-549-1

On Friday 17 September 2004 at 19:09 -0400, Joey Hess wrote:
> Package: gtk+2.0
> Severity: grave
>
> For the record: This package is vulnerable to the security holes fixed
> in stable by DSA-549-1. The CAN numbers of these security holes are
> CAN-2004-0782 CAN-2004-0783 CAN-2004-0788.

Is there a problem with the package uploaded today? If not, the bug
should probably be tagged + sarge ...

 gtk+2.0 (2.4.9-2) unstable; urgency=high
 .
   * debian/patches/002_xpmico.patch:
     - fix CAN-2004-0782 Heap-based overflow in pixbuf_create_from_xpm.
     - fix CAN-2004-0783 Stack-based overflow in xpm_extract_color.
     - fix CAN-2004-0788 ico loader integer overflow.

Thanks,

Sebastien Bacher