--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2006-174479 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174479 2006-02-23 --------------------------------------------------------------------- Name : libungif Versions : rh73: libungif-4.1.0-10.2.legacy Versions : rh9: libungif-4.1.0-15.2.legacy Versions : fc1: libungif-4.1.0-16.2.legacy Versions : fc2: libungif-4.1.0-17.3.legacy Summary : A library for manipulating GIF format image files. Description : The libungif package contains a shared library of functions for loading and saving GIF format image files. The libungif library can load any GIF file, but it will save GIFs only in uncompressed format; it will not use the patented LZW compression used to save "normal" compressed GIF files. --------------------------------------------------------------------- Update Information: Updated libungif packages that fix two security issues are now available. The libungif package contains a shared library of functions for loading and saving GIF format image files. Several bugs in the way libungif decodes GIF images were discovered. An attacker could create a carefully crafted GIF image file in such a way that it could cause an application linked with libungif to crash or execute arbitrary code when the file is opened by a victim. The Common Vulnerabilities and Exposures project has assigned the names CVE-2005-2974 and CVE-2005-3350 to these issues. All users of libungif are advised to upgrade to these updated packages, which contain backported patches that resolve these issues. --------------------------------------------------------------------- Changelogs rh73: * Wed Feb 22 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.0-10.2.legacy - Added missing XFree86-devel, netpbm-devel and texinfo to BuildRequires - Added patch from RHEL to get librle in * Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.0-10.1.legacy - Added patch for CVE-2005-2974 and CVE-2005-3350 rh9: * Wed Feb 22 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.0-15.2.legacy - Added missing XFree86-devel, netpbm-devel and texinfo to BuildRequires - Added patch from RHEL to get librle in * Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.0-15.1.legacy - Added patch to fix CVE-2005-2974 and CVE-2005-3350 fc1: * Thu Feb 23 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.0-16.2.legacy - Added missing XFree86-devel to BuildRequires * Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.0-16.1.legacy - Added patch to fix CVE-2005-2974 and CVE-2005-3350 fc2: * Thu Feb 23 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.0-17.3.legacy - Added missing xorg-x11-devel to BuildRequires * Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.0-17.2.legacy - Added patch to fix CVE-2005-2974 and CVE-2005-3350 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 540bf946dff308b065de73d7ce6ab9eb8d8c504a redhat/7.3/updates-testing/i386/libungif-4.1.0-10.2.legacy.i386.rpm 840791ef661042f779275b7c835760ab521a8d80 redhat/7.3/updates-testing/i386/libungif-devel-4.1.0-10.2.legacy.i386.rpm 81f2ed8f2bae2785ec2820234875b870f583c7ce redhat/7.3/updates-testing/i386/libungif-progs-4.1.0-10.2.legacy.i386.rpm 8e039159be2bf479bf2bdb84ebadc2a364b3bd06 redhat/7.3/updates-testing/SRPMS/libungif-4.1.0-10.2.legacy.src.rpm rh9: c78cfe7b9a7e46d45865fcebad0956efb8962970 redhat/9/updates-testing/i386/libungif-4.1.0-15.2.legacy.i386.rpm 1b8a2ff811fca4b56850adfc5fc602bd140876d8 redhat/9/updates-testing/i386/libungif-devel-4.1.0-15.2.legacy.i386.rpm 35f6365684cec0da676b5c5fea9bdf2e9863d1ff redhat/9/updates-testing/i386/libungif-progs-4.1.0-15.2.legacy.i386.rpm cb023ca008db9d81ad6d730cb714cb1f51ea97f3 redhat/9/updates-testing/SRPMS/libungif-4.1.0-15.2.legacy.src.rpm fc1: 351c84419dfff38690db6f343fa91a41e6b2af1e fedora/1/updates-testing/i386/libungif-4.1.0-16.2.legacy.i386.rpm 72af8bc46a9deb31ede1fc773866e67f20f0da0b fedora/1/updates-testing/i386/libungif-devel-4.1.0-16.2.legacy.i386.rpm 3d36816c8ec4479647419402be97568fade3088e fedora/1/updates-testing/i386/libungif-progs-4.1.0-16.2.legacy.i386.rpm 92a4859d10e58f5abc85e7e22c89e4cf4911fbf0 fedora/1/updates-testing/SRPMS/libungif-4.1.0-16.2.legacy.src.rpm fc2: 3a87b57220b6b788150d240977774dc54f6732fe fedora/2/updates-testing/i386/libungif-4.1.0-17.3.legacy.i386.rpm c2d7e51e31ecb48546712d0c6f9998601af6daec fedora/2/updates-testing/i386/libungif-devel-4.1.0-17.3.legacy.i386.rpm fbde1aceba27f12aacb41c8acbe2cf58a59cc121 fedora/2/updates-testing/i386/libungif-progs-4.1.0-17.3.legacy.i386.rpm 609e3081132c7dca0da32f631e5ec4117df51265 fedora/2/updates-testing/SRPMS/libungif-4.1.0-17.3.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
