Hi, libwmf is vulnerable to an integer overflow vuln, leading to the possible execution of arbitrary code by enticing a user to open a malicious WMF file. This package has no maintainer, no herd. I CC: antarus@ of the treecleaners team for information.
in [upstream] status, no action needed, waiting for an official patch or release.
There probably won't be any.
Created attachment 93067: Temporary fix for 0.2.8.3-r1.
Comment on attachment 93067 (Temporary fix for 0.2.8.3-r1): Typo, sorry.
Created attachment 93069: Temporary fix for 0.2.8.3-r1.
Mandriva fixed this issue. Please provide an updated ebuild. We might need to call for a new maintainer on -dev.
maintainer wanted mail sent to -dev.
I'll have a look at it. It first has to go through the whole CSDB/OSS-QM procedure (file crawler, sysroot'ed crossbuilds, pkgconfig'ing, ...).
0.2.8.4 now in portage with fixes
Thx Mike. Arches please test and mark stable.
stable for x86
ppc64 stable
sparc stable.
Marked ppc
stable amd64.
alpha stable.
stable on hppa
GLSA 200608-17
arm, ia64, mips, sh don't forget to mark stable to benefit from the GLSA.
0.2.8.4 stable on mips.
Does not affect current (2008.0) release. Removing release.