A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.

See https://rhn.redhat.com/errata/RHSA-2005-810.html
At least on RH7.3 source rpm gdk-pixbuf-0.22.0-12.el2.3.src.rpm recompiles without any real changes.
Here are updated packages to QA:

3f19c11c5de388b4895ae73cbcb1a2e0958c7a80 7.3/gdk-pixbuf-0.22.0-7.73.4.legacy.src.rpm
73cdb160dd42758aff93f18b2ffedcb76a6ee507 9/gdk-pixbuf-0.22.0-7.90.4.legacy.src.rpm
cb482dce175e1e2913dd6e6e5344f8309a5b1e8e 1/gdk-pixbuf-0.22.0-11.3.4.2.legacy.src.rpm
00cd30c407d5fe88522c67115f1d4073e610693f 2/gdk-pixbuf-0.22.0-12.fc2.1.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/gdk-pixbuf-0.22.0-7.73.4.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gdk-pixbuf-0.22.0-7.90.4.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/gdk-pixbuf-0.22.0-11.3.4.2.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/gdk-pixbuf-0.22.0-12.fc2.1.legacy.src.rpm
QA w/ rpm-build-compare.sh:
- source integrity good
- spec file changes minimal
- patches verified to come from RHEL

+PUBLISH RHL73, RHL9, FC1, FC2

cb482dce175e1e2913dd6e6e5344f8309a5b1e8e gdk-pixbuf-0.22.0-11.3.4.2.legacy.src.rpm
00cd30c407d5fe88522c67115f1d4073e610693f gdk-pixbuf-0.22.0-12.fc2.1.legacy.src.rpm
3f19c11c5de388b4895ae73cbcb1a2e0958c7a80 gdk-pixbuf-0.22.0-7.73.4.legacy.src.rpm
73cdb160dd42758aff93f18b2ffedcb76a6ee507 gdk-pixbuf-0.22.0-7.90.4.legacy.src.rpm
Packages were sent to updates-testing
QA for RHL9. Signatures OK, upgrades OK. Tested mproject which depends on this, works OK.

+VERIFY RHL9
Timeout over.
Packages were pushed to updates.