src:pixman: CVE-2013-1591

Related Vulnerabilities: CVE-2013-1591  

Debian Bug report logs - #700308

Reported by: Helmut Grohne <helmut@subdivi.de>

Date: Mon, 11 Feb 2013 13:42:01 UTC

Severity: grave

Tags: security

Fixed in version pixman/0.26.0-4

Done: Julien Cristau <jcristau@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#700308; Package src:pixman. (Mon, 11 Feb 2013 13:42:04 GMT)


Acknowledgement sent to Helmut Grohne <helmut@subdivi.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian X Strike Force <debian-x@lists.debian.org>. (Mon, 11 Feb 2013 13:42:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Helmut Grohne <helmut@subdivi.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: src:pixman: CVE-2013-1591
Date: Mon, 11 Feb 2013 14:40:21 +0100

Package: src:pixman
Severity: grave
Tags: security

The pixman library may be affected by CVE-2013-1591.

| Stack-based buffer overflow in libpixman, as used in Pale Moon before
| 15.4, has unspecified impact and attack vectors.

The only references I could find so far were:

http://www.palemoon.org/releasenotes-ng.shtml
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1591.html

Please investigate which pixman versions (if any) are affected by this
issue and update version information for this bug report.

Helmut



Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#700308; Package src:pixman. (Mon, 11 Feb 2013 18:57:03 GMT)


Acknowledgement sent to Julien Cristau <julien.cristau@logilab.fr>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Mon, 11 Feb 2013 18:57:03 GMT)


Message #10 received at 700308@bugs.debian.org:

From: Julien Cristau <julien.cristau@logilab.fr>
To: Helmut Grohne <helmut@subdivi.de>, 700308@bugs.debian.org
Subject: Re: Bug#700308: src:pixman: CVE-2013-1591
Date: Mon, 11 Feb 2013 19:55:05 +0100

On Mon, Feb 11, 2013 at 14:40:21 +0100, Helmut Grohne wrote:

> Package: src:pixman
> Severity: grave
> Tags: security
> 
> The pixman library may be affected by CVE-2013-1591.
> 
> | Stack-based buffer overflow in libpixman, as used in Pale Moon before
> | 15.4, has unspecified impact and attack vectors.
> 
> The only references I could find so far were:
> 
> http://www.palemoon.org/releasenotes-ng.shtml
> http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1591.html
> 
> Please investigate which pixman versions (if any) are affected by this
> issue and update version information for this bug report.
> 
15:31 < mdeslaur> jcristau: this seems to be the only difference in pale
moon: http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f

haven't had a chance to look when that was introduced yet, that may have
to wait a couple days.

Cheers,
Julien



Reply sent to Julien Cristau <jcristau@debian.org>:
You have taken responsibility. (Mon, 18 Feb 2013 19:36:05 GMT)


Notification sent to Helmut Grohne <helmut@subdivi.de>:
Bug acknowledged by developer. (Mon, 18 Feb 2013 19:36:05 GMT)


Message #15 received at 700308-close@bugs.debian.org:

From: Julien Cristau <jcristau@debian.org>
To: 700308-close@bugs.debian.org
Subject: Bug#700308: fixed in pixman 0.26.0-4
Date: Mon, 18 Feb 2013 19:32:31 +0000

Source: pixman
Source-Version: 0.26.0-4

We believe that the bug you reported is fixed in the latest version of
pixman, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 700308@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated pixman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 18 Feb 2013 19:58:33 +0100
Source: pixman
Binary: libpixman-1-0 libpixman-1-0-udeb libpixman-1-0-dbg libpixman-1-dev
Architecture: source amd64
Version: 0.26.0-4
Distribution: sid
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description: 
 libpixman-1-0 - pixel-manipulation library for X and cairo
 libpixman-1-0-dbg - pixel-manipulation library for X and cairo (debugging symbols)
 libpixman-1-0-udeb - pixel-manipulation library for X and cairo (udeb)
 libpixman-1-dev - pixel-manipulation library for X and cairo (development files)
Closes: 700308
Changes: 
 pixman (0.26.0-4) sid; urgency=high
 .
   * Fix for CVE-2013-1591 (stack-based buffer overflow), cherry-picked from
     0.27.4 (closes: #700308).
Package-Type: udeb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jun 2013 07:32:39 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:28:38 2019; Machine Name: beach
