Re: Gtk2 1.2495 (stable) available



Torsten Schönfeld wrote (28 Jan 2015 16:06:33 GMT) :
> intrigeri <intrigeri+debian boum org>:
>> Brian Manning wrote (28 Jan 2015 02:10:23 GMT) :
>>> Overview of changes in Gtk2 1.2495 (stable) [2015-01-27]
>>> ========================================================
>>>
>>> * Fix incorrect memory management in Gtk2::Gdk::Display::list_devices
>>
>> Did that bug have any security implication?
>
> The code was freeing memory that gtk+ still holds onto and might access later. So,
> yes, it is conceivable that this can be exploited.

Thanks. I've not seen a CVE request on oss-security (could have missed
it, though). Will it be allocated in another way, e.g. from the Red
Hat pool? A CVE would help distros a lot.

Cheers,
-- 
intrigeri

