Summary: CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235416

------- Additional Comments From paul@xxxxxxxxxxxx 2007-04-10 13:15 EST -------
It is unfortunate that the security fixes that went into RHEL4 in November 2004 didn't make it into the Fedora Core package at that time. I've verified that the test pixmap crashes the current imlib (using qiv) and that the patch from Bug #138516 fixes it.

I've now incorporated that patch in that bug into the 1.9.15-2 package on devel, and updated FC-6 from 1.9.13-* to 1.9.15-2, which I believe will resolve this problem for FC-6 onwards.

FC-5 (1:1.9.13-27) is probably still vulnerable. According to comment #2 in Bug #138522, FC-4 included a fix, but I've just tried the test pixmap and it crashes qiv on an FC-4 box.

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list