CVE-2008-5187 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5187): The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Patch has been applied upstream: svn diff -c 37744 http://svn.enlightenment.org/svn/e/trunk/imlib2
thanks for the easy-to-use link ... I've applied the patch to 1.4.2-r1 since this is the only change in 1.4.2 (which is current stable), moving 1.4.2-r1 to stable should be fairly trivial ...
Arches, please test and mark stable: =media-libs/imlib2-1.4.2-r1
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
ppc stable
Stable for HPPA.
alpha/arm/ia64/sparc/sh/x86 stable
ppc64 done
amd64 stable, although I failed and used cvs commit instead of repoman. Seems to be fixed now.
GLSA request filed.
GLSA 200812-23