Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

I'd like to update gtk+3.0 in wheezy to fix CVE-2013-7447.patch with the attached debdiff. Wheezy is currently the only unfixed gtk+3.0 version.

Cheers,
 -- Guido

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff --git a/debian/changelog b/debian/changelog index 999a883..37c3d67 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +gtk+3.0 (3.4.2-7+deb7u1) oldstable-proposed-updates; urgency=medium + + * Non-maintainer upload. + * CVE-2013-7447.patch: Avoid integer overflow when allocating a large block + of memory in gdk_cairo_set_source_pixbuf (Closes: #818090) + + -- Guido Günther <a...@sigxcpu.org> Sun, 13 Mar 2016 16:22:28 +0100 + gtk+3.0 (3.4.2-7) stable; urgency=low [ Raphaël Geissert ] diff --git a/debian/patches/CVE-2013-7447.patch b/debian/patches/CVE-2013-7447.patch new file mode 100644 index 0000000..cb851a2 --- /dev/null +++ b/debian/patches/CVE-2013-7447.patch @@ -0,0 +1,24 @@ +From: =?utf-8?q?Guido_G=C3=BCnther?= <a...@sigxcpu.org> +Date: Sun, 13 Mar 2016 15:38:37 +0100 +Subject: CVE-2013-7447 + +Cherry-pick of upstream commit + +https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 +--- + gdk/gdkcairo.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c +index 19bed04..2e1d8dc 100644 +--- a/gdk/gdkcairo.c ++++ b/gdk/gdkcairo.c +@@ -213,7 +213,7 @@ gdk_cairo_set_source_pixbuf (cairo_t *cr, + format = CAIRO_FORMAT_ARGB32; + + cairo_stride = cairo_format_stride_for_width (format, width); +- cairo_pixels = g_malloc (height * cairo_stride); ++ cairo_pixels = g_malloc_n (height, cairo_stride); + surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels, + format, + width, height, cairo_stride); diff --git a/debian/patches/series b/debian/patches/series index e9942cf..866e6e9 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -15,3 +15,4 @@ 074_try-harder-to-discriminate-Shift-F10-and-F10.patch 075_gtkplug-fix-handling-of-key-events-for-layouts.patch 076_check_wm_supports_hint.patch +CVE-2013-7447.patch
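
Review bot: In the gdk/gdkcairo.c hunk, cairo_stride is still passed to the allocator without checking the return value of cairo_format_stride_for_width(), which returns -1 when the width is too large for the format. With g_malloc_n() the arguments are converted to gsize and the multiplication is overflow-checked, so an oversized height * cairo_stride now terminates the process instead of producing an undersized buffer that the following pixel copy would overrun. That closes the memory-corruption path, but a crafted pixbuf can still abort the application. The changelog entry could say so explicitly (overflow now leads to an abort rather than a heap overflow), and an explicit cairo_stride < 0 check before the allocation would be a reasonable follow-up to raise upstream rather than in this stable update.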
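
Review bot: The header of debian/patches/CVE-2013-7447.patch identifies the change only by "Subject: CVE-2013-7447" and a free-text "Cherry-pick of upstream commit" line followed by the URL. Consider a Subject that names the fix (the overflow-checked allocation in gdk_cairo_set_source_pixbuf, as the changelog entry already does) and DEP-3 style fields such as Origin: for the upstream commit URL and Bug-Debian: for #818090, so the patch stays traceable when read outside the changelog.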