[Bug 235416] CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows

bugzilla at redhat.com bugzilla at redhat.com
Tue Apr 10 17:15:45 UTC 2007


Summary: CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235416
------- Additional Comments From paul at city-fan.org  2007-04-10 13:15 EST -------
It is unfortunate that the security fixes that went into RHEL4 in November 2004
didn't make it into the Fedora Core package at that time.

I've verified that the test pixmap crashes the current imlib (using qiv) and
that the patch from Bug #138516 fixes it.

I've now incorporated that patch in that bug into the 1.9.15-2 package on devel,
and updated FC-6 from 1.9.13-* to 1.9.15-2, which I believe will resolve this
problem for FC-6 onwards. FC-5 (1:1.9.13-27) is probably still vulnerable.
According to comment #2 in Bug #138522, FC-4 included a fix, but I've just tried
the test pixmap and it crashes qiv on an FC-4 box.


More information about the Fedora-security-list mailing list