PublicDateAtUSN: 2011-08-19
Candidate: CVE-2011-3170
PublicDate: 2011-08-19 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170
 https://ubuntu.com/security/notices/USN-1207-1
Description:
 The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier
 does not properly handle the first code word in an LZW stream, which allows
 remote attackers to trigger a heap-based buffer overflow, and possibly
 execute arbitrary code, via a crafted stream, a different vulnerability
 than CVE-2011-2896.
Ubuntu-Description:
Notes:
 mdeslaur> This also affects cups 1.5.x and isn't fixed in 1.5.0
 mdeslaur> gimp was fixed correctly with a single commit, so doesn't have
 mdeslaur> this issue, which is an incomplete fix.
Bugs:
 http://cups.org/str.php?L3914
Priority: medium
Discovered-by: Tomas Hoger
Assigned-to: mdeslaur
CVSS: 

Patches_cups:
 upstream: https://github.com/apple/cups/commit/771bd8cbffe1ffb06d90b2c7f00191830e6b738c
upstream_cups: released (1.5.0-8)
hardy_cups: DNE
lucid_cups: released (1.4.3-1ubuntu1.5)
maverick_cups: released (1.4.4-6ubuntu2.4)
natty_cups: released (1.4.6-5ubuntu1.4)
oneiric_cups:  not-affected (1.5.0-8)
precise_cups: not-affected (1.5.0-8)
precise/esm_cups: DNE (precise was not-affected [1.5.0-8])
quantal_cups: not-affected (1.5.0-8)
raring_cups: not-affected (1.5.0-8)
saucy_cups: not-affected (1.5.0-8)
trusty_cups: not-affected (1.5.0-8)
trusty/esm_cups: DNE (trusty was not-affected [1.5.0-8])
utopic_cups: not-affected (1.5.0-8)
vivid_cups: not-affected (1.5.0-8)
vivid/stable-phone-overlay_cups: not-affected (1.5.0-8)
vivid/ubuntu-core_cups: DNE
wily_cups: not-affected (1.5.0-8)
xenial_cups: not-affected (1.5.0-8)
esm-infra/xenial_cups: not-affected (1.5.0-8)
yakkety_cups: not-affected (1.5.0-8)
zesty_cups: not-affected (1.5.0-8)
artful_cups: not-affected (1.5.0-8)
bionic_cups: not-affected (1.5.0-8)
cosmic_cups: not-affected (1.5.0-8)
disco_cups: not-affected (1.5.0-8)
eoan_cups: not-affected (1.5.0-8)
focal_cups: not-affected (1.5.0-8)
groovy_cups: not-affected (1.5.0-8)
hirsute_cups: not-affected (1.5.0-8)
impish_cups: not-affected (1.5.0-8)
jammy_cups: not-affected (1.5.0-8)
devel_cups: not-affected (1.5.0-8)

Patches_cupsys:
upstream_cupsys: needs-triage
hardy_cupsys: released (1.3.7-1ubuntu3.13)
lucid_cupsys: DNE
maverick_cupsys: DNE
natty_cupsys: DNE
oneiric_cupsys: DNE
precise_cupsys: DNE
precise/esm_cupsys: DNE
quantal_cupsys: DNE
raring_cupsys: DNE
saucy_cupsys: DNE
trusty_cupsys: DNE
trusty/esm_cupsys: DNE
utopic_cupsys: DNE
vivid_cupsys: DNE
vivid/stable-phone-overlay_cupsys: DNE
vivid/ubuntu-core_cupsys: DNE
wily_cupsys: DNE
xenial_cupsys: DNE
yakkety_cupsys: DNE
zesty_cupsys: DNE
artful_cupsys: DNE
bionic_cupsys: DNE
cosmic_cupsys: DNE
disco_cupsys: DNE
eoan_cupsys: DNE
focal_cupsys: DNE
groovy_cupsys: DNE
hirsute_cupsys: DNE
impish_cupsys: DNE
jammy_cupsys: DNE
devel_cupsys: DNE

Patches_gimp:
upstream_gimp: not-affected
hardy_gimp: ignored (reached end-of-life)
lucid_gimp: not-affected
maverick_gimp: not-affected
natty_gimp: not-affected
oneiric_gimp: not-affected
precise_gimp: not-affected
precise/esm_gimp: DNE (precise was not-affected)
quantal_gimp: not-affected
raring_gimp: not-affected
saucy_gimp: not-affected
trusty_gimp: not-affected
trusty/esm_gimp: DNE (trusty was not-affected)
utopic_gimp: not-affected
vivid_gimp: not-affected
vivid/stable-phone-overlay_gimp: DNE
vivid/ubuntu-core_gimp: DNE
wily_gimp: not-affected
xenial_gimp: not-affected
yakkety_gimp: not-affected
zesty_gimp: not-affected
artful_gimp: not-affected
bionic_gimp: not-affected
cosmic_gimp: not-affected
disco_gimp: not-affected
eoan_gimp: not-affected
focal_gimp: not-affected
groovy_gimp: not-affected
hirsute_gimp: not-affected
impish_gimp: not-affected
jammy_gimp: not-affected
devel_gimp: not-affected

Patches_swi-prolog:
 upstream: http://www.swi-prolog.org/git/packages/xpce.git/commit/30fbc4e030cbef5871e1b96c31458116ce3e2ee8
upstream_swi-prolog: needs-triage
hardy_swi-prolog: ignored (reached end-of-life)
lucid_swi-prolog: ignored (reached end-of-life)
maverick_swi-prolog: ignored (reached end-of-life)
natty_swi-prolog: ignored (reached end-of-life)
oneiric_swi-prolog: ignored (reached end-of-life)
precise_swi-prolog: ignored (reached end-of-life)
precise/esm_swi-prolog: DNE (precise was needed)
quantal_swi-prolog: ignored (reached end-of-life)
raring_swi-prolog: ignored (reached end-of-life)
saucy_swi-prolog: ignored (reached end-of-life)
trusty_swi-prolog: ignored (reached end-of-life)
trusty/esm_swi-prolog: DNE (trusty was needed)
utopic_swi-prolog: ignored (reached end-of-life)
vivid_swi-prolog: ignored (reached end-of-life)
vivid/stable-phone-overlay_swi-prolog: DNE
vivid/ubuntu-core_swi-prolog: DNE
wily_swi-prolog: ignored (reached end-of-life)
xenial_swi-prolog: ignored (end of standard support, was needed)
yakkety_swi-prolog: ignored (reached end-of-life)
zesty_swi-prolog: ignored (reached end-of-life)
artful_swi-prolog: ignored (reached end-of-life)
bionic_swi-prolog: needed
cosmic_swi-prolog: ignored (reached end-of-life)
disco_swi-prolog: ignored (reached end-of-life)
eoan_swi-prolog: ignored (reached end-of-life)
focal_swi-prolog: needed
groovy_swi-prolog: ignored (reached end-of-life)
hirsute_swi-prolog: ignored (reached end-of-life)
impish_swi-prolog: needed
jammy_swi-prolog: needed
devel_swi-prolog: needed