Bug 33776

Summary: pixman: Integer underflow (3.2)
Product: UCS
Reporter: Moritz Muehlenhoff <jmm>
Component: Security updates
Assignee: Moritz Muehlenhoff <jmm>
Status: CLOSED FIXED
QA Contact: Philipp Hahn <hahn>
Severity: normal
Priority: P3
Version: UCS 3.0
Target Milestone: UCS 3.2-2
Hardware: Other
OS: Linux

Description Moritz Muehlenhoff univentionstaff 2013-12-19 07:51:37 CET
+++ This bug was initially created as a clone of Bug #33775 +++

An integer underflow in Pixman could lead to denial of service or the execution of arbitrary code (CVE-2013-6424)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-01-02 13:56:03 CET
(In reply to Moritz Muehlenhoff from comment #0)
> +++ This bug was initially created as a clone of Bug #33775 +++
> 
> An integer underflow in Pixman could lead to denial of service or the
> execution of arbitrary code (CVE-2013-6424)

That should read CVE-2013-6425
Comment 2 Moritz Muehlenhoff univentionstaff 2014-05-02 13:23:14 CEST
This issue was fixed with the update to Squeeze 6.0.9 (Bug 34588). The QA should ideally be made by the same person.
Comment 3 Philipp Hahn univentionstaff 2014-05-06 20:12:03 CEST
OK: aptitude install '?source-package(pixman)'
OK: pixman (0.16.4-1+deb6u1) squeeze-security; urgency=high
  * pixman_trapezoid_valid(): Fix underflow when bottom is close to MIN_INT
    Addresses CVE-2013-6425
Comment 4 Stefan Gohmann univentionstaff 2014-05-20 07:53:30 CEST
UCS 3.2-2 has been released:
 http://docs.univention.de/release-notes-3.2-2-en.html
 http://docs.univention.de/release-notes-3.2-2-de.html

If this error occurs again, please use "Clone This Bug".