On Mon, 25 May 2009 20:21:12 +0100 (BST) Mark J Cox wrote: > Hello Jake; Tomas Hoger has just posted the details of this issue in > the bug, see > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-3350#c7 Thanks, Mark. I don't know much about CVE assignment and the like (but perhaps I should), but it would seem to me that the two CVEs from 2005 apply to libungif rather than giflib and that new CVEs should be created or applied for as it is a different package affected (though I assume they share much of the same code) ... it would also seem plausible that other distributions using giflib fell into the same hole ... or is this purely a Fedora/RHEL issue because they stuck with giflib 4.1.3? jake -- Jake Edge - LWN - jake@xxxxxxx - http://lwn.net -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
