Date: Tue, 17 May 2016 11:52:28 -0400 (EDT) From: cve-assign@...re.org To: carnil@...ian.org Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > CVE-2015-7674, an integer overflow flaw in the pixops_scale_nearest > function, was fixed by > > https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa > > There is another commit in the gdk-pixbuf repository to fix overflows > in the pixops_composite_nearest, pixops_composite_color_nearest and > pixops_process functions: > > https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 > > Can you assign an additional CVE for this since the scope for > CVE-2015-7674 was for the pixops_scale_nearest function? > > The two commits were not fixed in > the same release, the initial one resulting in CVE-2015-7674 is > contained in 2.32.1, whereas the second commit came later in 2.33.1. Use CVE-2015-8875 for dbfe8f70471864818bf458a39c8a99640895bd22. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXOz25AAoJEHb/MwWLVhi2uzQQAJLasmM6bKZ9byBNHW92u63I V8zfQ1vKPHJsQUJ+/ydbfmlyxeClfUUPYK37NLFzMtlhZjuRte8FPaYoYjayahSn sfGfBsw/Vtpx14t3AUofZx+NAnr37EOD/N1iXHnBKdO7YZtBkIBfB/0ts0uxnY6f 7AYMChqNpqFI9gZdCAJjao0spCe11D203QLUygDGFZZ+/+bbEfIJZK4KZGisR0tY n8MZln8+QstCnuG/5/6MPa976dMe3a0bNjGuMg399qP9iDCHmGnfAmoKh68YQFMT NO6Q1J6TPwLKT+xRNfTzdwmZFYW2m59oj1BSZ/jvWbl/8lOn+oukBpQElwuvB6jz rwJWU11gMwPXPEMyEnKW9X2U3zMYVcGzPD20/j4rJJsL2vA78iCrgF6owGYZPAji mFFm+GovverJqJWx452UeUdsBbEYc/A5hlQN6oa0780QLas6Wo3QZdCyuPpDWnu+ eh/U2qVk4+BGLQiZb55dlBqmVJkW7RktqUnhFYgDC7kUbR3hpprKKDj5NnSznuYG Jzs1LBV6h3wb4LBcILU4d+z1OcSRFYL334XHGEurtML08GTAhuqMhZT3o/YnFeut EStuqTBEWmQd0IEsxYhC6sP1w4+rfIfEd0X94vi6qqBettbmNguTgAgiy/SLNISl FshmJwoViYA7W+UAo1fz =rGoH -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ