Re: Gtk2 1.2495 (stable) available

Torsten Schönfeld wrote (28 Jan 2015 16:06:33 GMT) :
intrigeri <intrigeri+debian boum org>:
Brian Manning wrote (28 Jan 2015 02:10:23 GMT) :
Overview of changes in Gtk2 1.2495 (stable) [2015-01-27]

* Fix incorrect memory management in Gtk2::Gdk::Display::list_devices

Did that bug have any security implication?

The code was freeing memory that gtk+ still holds onto and might access later. So,
yes, it is conceivable that this can be exploited.

Thanks. I've not seen a CVE request on oss-security (could have missed
it, though). Will it be allocated in another way, e.g. from the Red
Hat pool? A CVE would help distros a lot.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]