Summary: | =media-libs/imlib2-1.4.3: IMAGE_DIMENSIONS_OK heap-based buffer overflows (CVE-2010-0991) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~2 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 318761 | ||
Bug Blocks: |
Description
Alex Legler (RETIRED)
2010-04-22 17:32:15 UTC
According to RedHat [1], only 1.4.3 is affected. There is not yet an upstream release, only a fix in SVN. I think we can wait until that new release is out. [1] https://bugzilla.redhat.com/show_bug.cgi?id=584885 imlib2-1.4.4 is now in the tree It would be nice to punt 1.4.3, this can be closed afterwards, as a vulnerable version was never stable. (In reply to comment #3) > It would be nice to punt 1.4.3, this can be closed afterwards, as a vulnerable > version was never stable. > Vapier, is this possible? Thank you. ive punted everything older than 1.4.4 (In reply to comment #5) > ive punted everything older than 1.4.4 > Great, thank you. Closing noglsa. |