touch-packages team mailing list archive

Thread
Date

[Bug 1366790] Re: Fix for CVE-2014-1949 (GTK 3.10.x)

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Mon, 08 Sep 2014 19:11:28 -0000
Reply-to: Bug 1366790 <1366790@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

CVE-2014-1949 was assigned to cinnamon-screensaver.

The fix for this issue actually lies in gtk+3.0, in the following
commit:

https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4

gtk+3.0 is already fixed in utopic, and we only have connamon-
screensaver in utopic.

Hence, this issue doesn't have a security impact in trusty.

If you would like this fixed in the gtk+3.0 package in trusty, it will
need to be done through the SRU process just like other bug fixes.
Please see the following for the procedure:

https://wiki.ubuntu.com/StableReleaseUpdates

** Also affects: gtk+3.0 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: gtk+3.0 (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Changed in: gtk+3.0 (Ubuntu Utopic)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1949

** Changed in: gtk+3.0 (Ubuntu Trusty)
       Status: New => Confirmed

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1366790

Title:
  Fix for CVE-2014-1949 (GTK 3.10.x)

Status in “gtk+3.0” package in Ubuntu:
  Fix Released
Status in “gtk+3.0” source package in Trusty:
  Confirmed
Status in “gtk+3.0” source package in Utopic:
  Fix Released

Bug description:
  Please see:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759145

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1366790/+subscriptions