Bugzilla – Bug 671064
VUL-0: CVE-2011-0433: evince: More Evince overflows
Last modified: 2017-07-03 07:23:18 UTC
Hi.
There is a security bug in package 'evince'.
This information is from 'vendor-sec'.
This bug is NOT PUBLIC.
There is no coordinated release date (CRD) set.
More information can be found here: https://bugzilla.gnome.org/show_bug.cgi?id=640923
Original posting:
---------- Forwarded message ----------
Subject: [vendor-sec] More Evince overflows
Date: Thursday, 10 February 2011, 16:54:23
From: Ulrik Persson <ddefrostt@gmail.com>
To: vendor-sec@lst.de
More Evince overflows: https://bugzilla.gnome.org/show_bug.cgi?id=640923
// Ulrik
_______________________________________________
Vendor Security mailing list
Vendor Security@lst.de
https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec
-------------------------------------------------------------
Well it is public. :)
I've fixed it upstream. Fix submitted for Factory/11.4 (sr#61628), 11.3 (sr#61626), 11.2 (sr#61625). Scott, who should take care of this for SLE?
Btw, feel free to send the link to the fix to vendor-sec: http://git.gnome.org/browse/evince/commit/?id=439c5070022eab6cef7266aab47f978058012c72
I will take this one.
The SWAMPID for this issue is 38801. This issue was rated as important. Please submit fixed packages until 2011-02-25. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Submitted fix to SLED11 SP1 (request #10766) and SLED10 (request #10765)
CVE-2011-0433
Date: Fri, 4 Mar 2011 17:13:47 +0100
From: Tomas Hoger <thoger@redhat.com>
Subject: Re: [oss-security] Re: CVE request: More Evince overflows
[...]
There's an off-by-one in those fixes, as it's been pointed out to me. So if you've not fixed yet, you may want to look at:
https://bugzilla.gnome.org/show_bug.cgi?id=643882
--
Tomas Hoger / Red Hat Security Response Team
I fixed them all while I was in here...
11.2 - request #64345
11.3 - request #64346
11.4 - request #64347
sle10 - request #11208
sle11 sp1 - request #11209
I proposed my patch for upstream inclusion on the bug as well.
Thanks! The single zero byte overflow on the heap is probably not security relevant so I'm not starting a new security update on 11.4. We can include the fix in future evince updates instead.
Update released for: evince, evince-debuginfo, evince-debugsource, evince-devel, evince-lang, nautilus-evince, nautilus-evince-debuginfo
Products:
openSUSE 11.2 (debug, i586, x86_64)
openSUSE 11.3 (debug, i586, x86_64)
released
Update released for: evince, evince-debuginfo, evince-debugsource, evince-devel, evince-doc, evince-lang
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: evince, evince-debuginfo
Products:
SLE-DESKTOP 10-SP3 (i386, x86_64)
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
Update released for: evince, evince-debuginfo
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
*** Bug 685572 has been marked as a duplicate of this bug. ***
According to Thomas' comment and upstream bugzilla this issue is public.