Fedora Legacy Test Update Notification: libungif

Marc Deslauriers marcdeslauriers at videotron.ca
Fri Feb 24 00:09:13 UTC 2006 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-174479
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174479
2006-02-23
---------------------------------------------------------------------

Name        : libungif
Versions    : rh73: libungif-4.1.0-10.2.legacy
Versions    : rh9: libungif-4.1.0-15.2.legacy
Versions    : fc1: libungif-4.1.0-16.2.legacy
Versions    : fc2: libungif-4.1.0-17.3.legacy
Summary     : A library for manipulating GIF format image files.
Description :
The libungif package contains a shared library of functions for
loading and saving GIF format image files. The libungif library can
load any GIF file, but it will save GIFs only in uncompressed format;
it will not use the patented LZW compression used to save
"normal" compressed GIF files.

---------------------------------------------------------------------
Update Information:

Updated libungif packages that fix two security issues are now
available.

The libungif package contains a shared library of functions for loading
and saving GIF format image files.

Several bugs in the way libungif decodes GIF images were discovered. An
attacker could create a carefully crafted GIF image file in such a way
that it could cause an application linked with libungif to crash or
execute arbitrary code when the file is opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the names
CVE-2005-2974 and CVE-2005-3350 to these issues.

All users of libungif are advised to upgrade to these updated packages,
which contain backported patches that resolve these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Feb 22 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1.0-10.2.legacy
- Added missing XFree86-devel, netpbm-devel and texinfo to BuildRequires
- Added patch from RHEL to get librle in

* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1.0-10.1.legacy
- Added patch for CVE-2005-2974 and CVE-2005-3350

rh9:
* Wed Feb 22 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1.0-15.2.legacy
- Added missing XFree86-devel, netpbm-devel and texinfo to BuildRequires
- Added patch from RHEL to get librle in

* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1.0-15.1.legacy
- Added patch to fix CVE-2005-2974 and CVE-2005-3350

fc1:
* Thu Feb 23 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1.0-16.2.legacy
- Added missing XFree86-devel to BuildRequires

* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1.0-16.1.legacy
- Added patch to fix CVE-2005-2974 and CVE-2005-3350

fc2:
* Thu Feb 23 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1.0-17.3.legacy
- Added missing xorg-x11-devel to BuildRequires

* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1.0-17.2.legacy
- Added patch to fix CVE-2005-2974 and CVE-2005-3350

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
540bf946dff308b065de73d7ce6ab9eb8d8c504a
redhat/7.3/updates-testing/i386/libungif-4.1.0-10.2.legacy.i386.rpm
840791ef661042f779275b7c835760ab521a8d80
redhat/7.3/updates-testing/i386/libungif-devel-4.1.0-10.2.legacy.i386.rpm
81f2ed8f2bae2785ec2820234875b870f583c7ce
redhat/7.3/updates-testing/i386/libungif-progs-4.1.0-10.2.legacy.i386.rpm
8e039159be2bf479bf2bdb84ebadc2a364b3bd06
redhat/7.3/updates-testing/SRPMS/libungif-4.1.0-10.2.legacy.src.rpm

rh9:
c78cfe7b9a7e46d45865fcebad0956efb8962970
redhat/9/updates-testing/i386/libungif-4.1.0-15.2.legacy.i386.rpm
1b8a2ff811fca4b56850adfc5fc602bd140876d8
redhat/9/updates-testing/i386/libungif-devel-4.1.0-15.2.legacy.i386.rpm
35f6365684cec0da676b5c5fea9bdf2e9863d1ff
redhat/9/updates-testing/i386/libungif-progs-4.1.0-15.2.legacy.i386.rpm
cb023ca008db9d81ad6d730cb714cb1f51ea97f3
redhat/9/updates-testing/SRPMS/libungif-4.1.0-15.2.legacy.src.rpm

fc1:
351c84419dfff38690db6f343fa91a41e6b2af1e
fedora/1/updates-testing/i386/libungif-4.1.0-16.2.legacy.i386.rpm
72af8bc46a9deb31ede1fc773866e67f20f0da0b
fedora/1/updates-testing/i386/libungif-devel-4.1.0-16.2.legacy.i386.rpm
3d36816c8ec4479647419402be97568fade3088e
fedora/1/updates-testing/i386/libungif-progs-4.1.0-16.2.legacy.i386.rpm
92a4859d10e58f5abc85e7e22c89e4cf4911fbf0
fedora/1/updates-testing/SRPMS/libungif-4.1.0-16.2.legacy.src.rpm

fc2:
3a87b57220b6b788150d240977774dc54f6732fe
fedora/2/updates-testing/i386/libungif-4.1.0-17.3.legacy.i386.rpm
c2d7e51e31ecb48546712d0c6f9998601af6daec
fedora/2/updates-testing/i386/libungif-devel-4.1.0-17.3.legacy.i386.rpm
fbde1aceba27f12aacb41c8acbe2cf58a59cc121
fedora/2/updates-testing/i386/libungif-progs-4.1.0-17.3.legacy.i386.rpm
609e3081132c7dca0da32f631e5ec4117df51265
fedora/2/updates-testing/SRPMS/libungif-4.1.0-17.3.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060223/9684b82c/attachment.sig>

More information about the fedora-legacy-list mailing list