Programs affected: lcms-1.13 Fixed in: lcms-1.15 Advisory release date: May 15th 2007. Severity: Probable remote compromise of systems which use the vulnerable lcms library to parse ICC profiles. Demo JPG: http://scary.beasts.org/misc/badicc4.jpg . Run with "jpegicc badicc4.jpg out.jpg". Seems to be a classic stack-based buffer overflow. CESA-2007-001 - rev 1 Chris Evans scarybeasts@gmail.com
printing please advise.
any news here?
"Fixed in: lcms-1.15" it says. lcms-1.15.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd" And mips is only arch left with said vulnerable version.
Thx drac for clearing that up. Closing as Fixed instead of Invalid as mips still need to mark stable.