-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2005.0948 -- Debian Security Advisory DSA 911-1
             New gtk+2.0 packages fix several vulnerabilities
                             30 November 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           gtk+2.0
Publisher:         Debian
Operating System:  Debian GNU/Linux 3.1
                   Debian GNU/Linux 3.0
                   Linux variants
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CVE-2005-3186 CVE-2005-2976 CVE-2005-2975

Ref:               ESB-2005.0923
                   ESB-2005.0922

Original Bulletin: http://www.debian.org/security/2005/dsa-911

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian.  It is recommended that administrators
         running products which contain the gtk+ package check for an updated
         version of the software for their operating systems.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 911-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 29th, 2005                     http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : gtk+2.0
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-2975 CVE-2005-2976 CVE-2005-3186
BugTraq ID     : 15428
Debian Bug     : 339431

Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf
XPM image rendering library.  The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2005-2975

    Ludwig Nussel discovered an infinite loop when processing XPM
    images that allows an attacker to cause a denial of service via a
    specially crafted XPM file.

CVE-2005-2976

    Ludwig Nussel discovered an integer overflow in the way XPM images
    are processed that could lead to the execution of arbitrary code
    or crash the application via a specially crafted XPM file.

CVE-2005-3186

    "infamous41md" discovered an integer in the XPM processing routine
    that can be used to execute arbitrary code via a traditional heap
    overflow.

The following matrix explains which versions fix these problems:

             old stable (woody)    stable (sarge)   unstable (sid)
gdk-pixbuf     0.17.0-2woody3        0.22.0-8.1       0.22.0-11
gtk+2.0         2.0.2-5woody3         2.6.4-3.1        2.6.10-2

We recommend that you upgrade your gtk+2.0 packages.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2-5woody3.dsc
      Size/MD5 checksum:      863 2c19c0b3843d6003e5561830e80aec28
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2-5woody3.diff.gz
      Size/MD5 checksum:    48155 4035c2ee98fd6c0dde2c6d73d252c6e4
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2.orig.tar.gz
      Size/MD5 checksum:  7835836 dc80381b84458d944c5300a1672c099c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.0.2-5woody3_all.deb
      Size/MD5 checksum:  1379440 c1501024119c24ed506990384e52c660

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_alpha.deb
      Size/MD5 checksum:   221376 ed09b3dbbed147b7be1820048f832593
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_alpha.deb
      Size/MD5 checksum:     1104 ed3650ca259b534fc67c03a833a6a6f7
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_alpha.deb
      Size/MD5 checksum:  1586026 7bda54cc76e8eefbb2395f397d3cc7c6
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_alpha.deb
      Size/MD5 checksum:   595890 eca337b48cb5c2894bec95b0765ba65e
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_alpha.deb
      Size/MD5 checksum:  5878258 5ea4f1fad5efe6d3344bfc13b3addc65
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_alpha.deb
      Size/MD5 checksum:   178326 285885ccfc39722d26950f0bada6c867

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_arm.deb
      Size/MD5 checksum:   215182 5be1bc9cfaa8086536f6e3a165fd930e
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_arm.deb
      Size/MD5 checksum:     1100 0a29371fc6cac98e6545ff12b76d7847
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_arm.deb
      Size/MD5 checksum:  1420128 02ddea0ef1473ea7775d912fb1e3b91c
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_arm.deb
      Size/MD5 checksum:   595368 ff659a4540d523aac34decb6eff1f297
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_arm.deb
      Size/MD5 checksum:  2903986 02aa5794bcfa4aa9599f7ce6f28f8d6d
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_arm.deb
      Size/MD5 checksum:   177280 309dd451617141fb027c9bcd033790ea

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_i386.deb
      Size/MD5 checksum:   215480 c82e1af319f9f5949caab2938717b8e4
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_i386.deb
      Size/MD5 checksum:     1106 9d59680c9fa9ba60219f296d7959726b
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_i386.deb
      Size/MD5 checksum:  1289508 e353ab4cf8ba7d8d3a85948d7160ce99
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_i386.deb
      Size/MD5 checksum:   595390 82104b484be3b874e0af857cb37a790b
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_i386.deb
      Size/MD5 checksum:  2722172 be34f43c3d39e4df7c9ac4ec558d8e75
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_i386.deb
      Size/MD5 checksum:   177124 0c6e637485b5925c10180483ed989ba4

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_ia64.deb
      Size/MD5 checksum:   231234 1ca5b216a2567c33ac780304dba4be5d
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_ia64.deb
      Size/MD5 checksum:     1100 15327d5515c0d1a161cc5b61b86b22ce
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_ia64.deb
      Size/MD5 checksum:  2077588 901d4767fb27fe07d7ed13725ccdd2b8
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_ia64.deb
      Size/MD5 checksum:   596730 fd38392178172446f0bc716061be5209
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_ia64.deb
      Size/MD5 checksum:  9450266 a17f9d4a6dab77314a1b93549f10a3bd
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_ia64.deb
      Size/MD5 checksum:   178702 a1f72b3672cd240cd911d6b3a451f80e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_hppa.deb
      Size/MD5 checksum:   220956 edd51b44537f51e470d8b2943c309952
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_hppa.deb
      Size/MD5 checksum:     1108 314dabcc5226bce8f63a8df5a252b584
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_hppa.deb
      Size/MD5 checksum:  1718118 ca53b11b4294c94ff8c4f9f72437b6e7
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_hppa.deb
      Size/MD5 checksum:   595688 50571f1e4793bdc9e169132defa1693a
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_hppa.deb
      Size/MD5 checksum:  3317050 fef66e14343d589e06cb244b6374bb38
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_hppa.deb
      Size/MD5 checksum:   177778 718d0b01ad8a46e50dd28b7999a84231

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_m68k.deb
      Size/MD5 checksum:   215174 2fb7d0afdfac137895e5fb343f6861f9
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_m68k.deb
      Size/MD5 checksum:     1106 fac1df7c4af7bc5b21680a3a6644ce67
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_m68k.deb
      Size/MD5 checksum:  1331670 f55e5b35c28b2639eb13dc9bb32f1347
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_m68k.deb
      Size/MD5 checksum:   595384 b36ebd35c01f490348ed9817079700d6
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_m68k.deb
      Size/MD5 checksum:  2833584 c18bb1755fb31d6da4f8093fe3c03060
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_m68k.deb
      Size/MD5 checksum:   177022 a159f5a1121c260673aee75b2e5bea2d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_mips.deb
      Size/MD5 checksum:   216496 c38396a00cb755ddaddc8047329a664a
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_mips.deb
      Size/MD5 checksum:     1104 23407e61f23a3021ebd5871871013773
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_mips.deb
      Size/MD5 checksum:  1384584 f740703f3077ecfce8c41f264a63cf1a
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_mips.deb
      Size/MD5 checksum:   595738 0ae33fcedb001ade8548419a11492707
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_mips.deb
      Size/MD5 checksum:  4934158 4289111f54a5c6023dfe37b081a8a22a
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_mips.deb
      Size/MD5 checksum:   177506 e9f92a71bd505feb58ffe7e131e4244e

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_mipsel.deb
      Size/MD5 checksum:   216170 16933f5e26cf8aa335958943e4a8bd98
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_mipsel.deb
      Size/MD5 checksum:     1104 23657699ac0cced8d77adb7baffe1e78
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_mipsel.deb
      Size/MD5 checksum:  1375132 9d605722fdab1a9dd5f9830af7da0e67
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_mipsel.deb
      Size/MD5 checksum:   595706 648f12a77e737b06e14797407f6617ca
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_mipsel.deb
      Size/MD5 checksum:  4789004 398536470f317e5e2d3f50fdfaab1bc5
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_mipsel.deb
      Size/MD5 checksum:   177480 12f2e0288223289532430e4c96f76fd2

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_powerpc.deb
      Size/MD5 checksum:   215246 bac105a786f6085110017cbfbc001ffb
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_powerpc.deb
      Size/MD5 checksum:     1106 2e1df3200d2fa60f1480e8a62515d50d
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_powerpc.deb
      Size/MD5 checksum:  1505610 9560968696c020d1d4b0d76fa07844d0
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_powerpc.deb
      Size/MD5 checksum:   595432 12b496e50c8bd7c822d0e05fa378f6df
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_powerpc.deb
      Size/MD5 checksum:  2980722 d112daa322581d876b7875f05f02aeca
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_powerpc.deb
      Size/MD5 checksum:   177308 b192c4a7e154ac33571a0c0b31a2f5ac

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_s390.deb
      Size/MD5 checksum:   218074 f82c50d7854a0b52005d702f6f969d64
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_s390.deb
      Size/MD5 checksum:     1102 43c949763c6a96d0e6cb9ec1f24c388d
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_s390.deb
      Size/MD5 checksum:  1447638 47636343d961b7a0a64c006dd97a15a2
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_s390.deb
      Size/MD5 checksum:   595634 097a1c2b9090ede08fd57cd7c4b7c0bd
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_s390.deb
      Size/MD5 checksum:  3004574 56fbb2eb95210ce8547ccbaab380df19
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_s390.deb
      Size/MD5 checksum:   177374 d6e449c54fa3ae768932382b09801ed8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_sparc.deb
      Size/MD5 checksum:   216190 70d05edded855a56b8ed92b735a54e1b
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_sparc.deb
      Size/MD5 checksum:     1104 35d308fd4d0171f8363f09cfce189f63
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_sparc.deb
      Size/MD5 checksum:  1434226 7b892592d104c9965240d6ac66bca9ba
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_sparc.deb
      Size/MD5 checksum:   595324 1392262c2a82832aae38b5c78f04f3bb
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_sparc.deb
      Size/MD5 checksum:  2872174 6ead4c78c5cc9c008cd4f05ab3823ba3
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_sparc.deb
      Size/MD5 checksum:   177182 2be94de14832d7bf602c942fea220204


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.1.dsc
      Size/MD5 checksum:     2000 876d42d456f4c65949fe326d4603d0a6
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.1.diff.gz
      Size/MD5 checksum:    49387 743d43246b74d208e704b0a8212625df
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4.orig.tar.gz
      Size/MD5 checksum: 16354198 a3ab72c9c80384fb707b992eb8b43c13

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.6.4-3.1_all.deb
      Size/MD5 checksum:  2983652 b84d91a0e62bc5294208e39a10d8f875
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.6.4-3.1_all.deb
      Size/MD5 checksum:  2317798 2b12f72ddc801222745fba5784f0d30a

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_alpha.deb
      Size/MD5 checksum:    62274 8efa86fa72b71c8e1ffdcf569bdd3bf9
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_alpha.deb
      Size/MD5 checksum:   268572 aa3ae47b77c14ae4e1763c8199994264
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_alpha.deb
      Size/MD5 checksum:  2463284 b46cb55a251b626f39c88484175a4eda
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_alpha.deb
      Size/MD5 checksum: 17691386 e42711f63e75be8961dd277a882c6331
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_alpha.deb
      Size/MD5 checksum:    20884 a150efa24ea5521aac282fb289f7cb90
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_alpha.deb
      Size/MD5 checksum:  8475038 57a1cdf6dd1a43188bdab145f472ee75

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_amd64.deb
      Size/MD5 checksum:    55272 4807db987b4f1ae1a1ce83f995e15b85
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_amd64.deb
      Size/MD5 checksum:   263204 ec67df85400b5970d1d983928537e5cf
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_amd64.deb
      Size/MD5 checksum:  2199236 84e0e79ee05b3f8368e28a3f7566df45
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_amd64.deb
      Size/MD5 checksum: 17653866 b0c569bd51812ed574e59095637d6e73
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_amd64.deb
      Size/MD5 checksum:    19672 6909052aa7ba8ee968b58b8e89bf2388
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_amd64.deb
      Size/MD5 checksum:  7615034 65cf59aefee1022990492a18d4a132ab

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_arm.deb
      Size/MD5 checksum:    52910 b44bfd00c91685e787729ab6e3f7e9a6
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_arm.deb
      Size/MD5 checksum:   255640 1e9e352aeaf2652cfe18dcfa69668543
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_arm.deb
      Size/MD5 checksum:  2042744 f23c0f10108b093dd7159f2fc250f54e
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_arm.deb
      Size/MD5 checksum: 17599402 b2db72cde1646ff9c137db8d4c519e86
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_arm.deb
      Size/MD5 checksum:    18138 f77d55c822f498beefb001ec9cc469fa
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_arm.deb
      Size/MD5 checksum:  7478104 89254e98a3da4f85de96a84b927cbde9

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_i386.deb
      Size/MD5 checksum:    51142 54ac82ff996e06087721a12edca85ca0
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_i386.deb
      Size/MD5 checksum:   260184 9562defc5dd5d78d3eac97ac79c0f1b6
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_i386.deb
      Size/MD5 checksum:  2097270 8dedb3a4d88d4aeb64f0b3be221b25e2
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_i386.deb
      Size/MD5 checksum: 17534636 1f90e641d602fb9aef7233c8f2fdc374
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_i386.deb
      Size/MD5 checksum:    18194 eb658bed31f5fa07d5ac7fe194dbd50e
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_i386.deb
      Size/MD5 checksum:  7234930 bb53cc8a482cf455ea1b0c913d6cd2cb

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_ia64.deb
      Size/MD5 checksum:    68508 d73110728702e8c59323435310b78aa2
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_ia64.deb
      Size/MD5 checksum:   276954 94f3ec8cdf10daa527e65993f39834ad
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_ia64.deb
      Size/MD5 checksum:  2894720 05a6507d6de9eaebd36168a293b8077d
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_ia64.deb
      Size/MD5 checksum: 17741224 ad54e2f45926cd52618f0eecdd9ebe34
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_ia64.deb
      Size/MD5 checksum:    22406 bc869ec76246419c8d0921b8cd79942b
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_ia64.deb
      Size/MD5 checksum:  8622734 06e087a2328df617cc742e301df62753

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_hppa.deb
      Size/MD5 checksum:    60060 99a7e167fcba943ebeff9f4268055623
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_hppa.deb
      Size/MD5 checksum:   263712 2cbbaede3e2498c6a7a27cf6b36186e2
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_hppa.deb
      Size/MD5 checksum:  2464528 bbf763c89d4f57fcd9e00b679d5d28ac
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_hppa.deb
      Size/MD5 checksum: 17801132 f1ee34b603b0fd82d0f5c884a80b65c3
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_hppa.deb
      Size/MD5 checksum:    19744 13930708ce9c937d039755ee09a65324
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_hppa.deb
      Size/MD5 checksum:  8408548 321bc004724d528e249865c03a4e6aab

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_m68k.deb
      Size/MD5 checksum:    47752 8721dd7e1931aefd72ff6c23e667355a
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_m68k.deb
      Size/MD5 checksum:   255414 b8e6fd4222ca20dec668bfab34024211
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_m68k.deb
      Size/MD5 checksum:  2045046 a74b3ecc5d12d6566bb3def13eea2ee4
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_m68k.deb
      Size/MD5 checksum: 17822784 dccea1d9ae943c4efaf1f556c5e7d16c
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_m68k.deb
      Size/MD5 checksum:    18100 e2fcdfba8eae770d0d091a16147b02be
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_m68k.deb
      Size/MD5 checksum:  7584802 a8f06db2e97fdca5d7131641cb87e6fc

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_mips.deb
      Size/MD5 checksum:    55698 2e233ae546e0e6bd0b0b0acdb97dc280
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_mips.deb
      Size/MD5 checksum:   259924 3290adf3c203e0d44ba2a80f8bbb4f6e
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_mips.deb
      Size/MD5 checksum:  2122598 205e050434251cc386a5ed78f1be4dec
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_mips.deb
      Size/MD5 checksum: 17885036 ef05b92517ee66fea11ad51e8737d9b6
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_mips.deb
      Size/MD5 checksum:    22858 58f33e26cba9e2c570aa3f71c4a86d1b
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_mips.deb
      Size/MD5 checksum:  8298762 f5eb185ce2ff53a530ee35b7aadd0d69

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_mipsel.deb
      Size/MD5 checksum:    55630 3ffbc3c391c376a88b59127dbd3d9811
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_mipsel.deb
      Size/MD5 checksum:   259836 605358dfcd79e6d26af498a71266df91
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_mipsel.deb
      Size/MD5 checksum:  2123080 91894a08c3dc6607e27c373281b6d9c8
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_mipsel.deb
      Size/MD5 checksum: 17651848 1db2645552e19d37204c58a671ef89b6
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_mipsel.deb
      Size/MD5 checksum:    22924 d6f5ba287f9569a3c45d14253895cf22
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_mipsel.deb
      Size/MD5 checksum:  7745414 985800b5a5e3ffab531efefa2b896d2b

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_powerpc.deb
      Size/MD5 checksum:    56914 ab390a6e0de776bfe600d9fda732152a
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_powerpc.deb
      Size/MD5 checksum:   260204 e89efb3f0c1b01d1230efbf4e40c7e8b
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_powerpc.deb
      Size/MD5 checksum:  2187944 66fc71b309ffa82890c607cd99a4fdf2
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_powerpc.deb
      Size/MD5 checksum: 28593970 dc9734cbb0718815e33808ca4f82a143
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_powerpc.deb
      Size/MD5 checksum:    22188 1e9a28597a9b214424878199b40e9fef
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_powerpc.deb
      Size/MD5 checksum:  8260248 d9407df720a9bc7ebfdfea5e9be20a2d

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_s390.deb
      Size/MD5 checksum:    55302 5a77b24f45d5a31c0cdd4ad24a3e0666
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_s390.deb
      Size/MD5 checksum:   262564 75f285e192a63e8342fcd59f7e4b503f
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_s390.deb
      Size/MD5 checksum:  2294784 4781127b291fe5ece91dc62c32f89757
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_s390.deb
      Size/MD5 checksum: 18179652 087628d587f2c29d5a996778d99f1352
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_s390.deb
      Size/MD5 checksum:    19580 002d9074502272e35fb17f26cd1497a1
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_s390.deb
      Size/MD5 checksum:  8354106 f86a8301975bbd943bba7af3bb625ae3

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_sparc.deb
      Size/MD5 checksum:    50952 0670511a0028098bb2b7e8a91d195220
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_sparc.deb
      Size/MD5 checksum:   256562 d35492a1f6de84c96ea0f31ebf250c4c
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_sparc.deb
      Size/MD5 checksum:  2137976 d2d31e848e05dc062336f80d3bdb310a
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_sparc.deb
      Size/MD5 checksum: 17714380 0ae0a52d3c00e951b1b9d737d94d19a5
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_sparc.deb
      Size/MD5 checksum:    17894 b9628edefc91fa4101780b56c69c86a8
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_sparc.deb
      Size/MD5 checksum:  7951126 87b73953c3fa278472e0b4150c160326


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDjHaQW5ql+IAeqTIRAlMLAKCAekILuNT3EybPcdy7e2mx799J8ACgrS3N
77qFF4Y0NUfb3lc3o3fYIRo=
=VBiG
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQ4z5ZSh9+71yA2DNAQLSqgQAnqtrDhCOboWTUxys309SLui9Rj1DDQoQ
onjSABZVcJq9m6PxyYNSyMnA5LTkia7d2vicivuORxeB5K5DAHAEoV2ZYLujOkum
/RMNFKcGDesHG+wVXlP4VRUWZRVR85hI/bTnUNz2Mnrx8q07exyJ7RYeExwAH0ys
pPn37mgyiMI=
=lA7J
-----END PGP SIGNATURE-----