Summary: | media-libs/imlib2 <1.4.0-r1 PNM and XPM Buffer Overflow Vulnerabilities (CVE-2008-2426) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | vapier |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://secunia.com/advisories/30401/ | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Matthias Geerdsen (RETIRED)
2008-05-28 15:22:26 UTC
upstream has been contacted by secunia btw
public via $URL
patch is supposed to be in CVS according to that advisory

Patches from upstream CVS:
https://bugzilla.redhat.com/show_bug.cgi?id=449073#c4
HTH

I've added 1.4.0-r1 and imlib2-1.4.1.000-r1 to the tree ... while both should be fine for stable, I imagine people would be more comfortable with the former

That was a straight-to-stable bump for 1.4.0-r1 ;-) So going directly to [glsa]

imlib2-1.4.0-r1 isn't in stable ...

(In reply to comment #6)
> imlib2-1.4.0-r1 isn't in stable ...

You are right. In that case, it seems there is a bug in adjutrix, because it actually outputs the version as stable:
... 1.4.0-r1 | + + + + + + + + + + + ~ | ...

grep KEYWORDS proves you right:
imlib2-1.4.0-r1.ebuild:KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"

Arches, please test and mark stable:
=media-libs/imlib2-1.4.0-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86"

x86 stable

ppc64 stable

Stable for HPPA.

alpha/ia64/sparc stable

amd64 stable

ppc stable

Fixed in release snapshot.

GLSA request filed.

GLSA 200806-03