FL uses an older version than we have in Portage, but we might be affected anyway.
Snipped from FL bug:
I've discovered more vulnerabilities in Imlib (1.9.13). In particular, it
appears to be affected by a variant of Chris Evans' libXpm flaw #1
(CAN-2004-0782, see http://scary.beasts.org/security/CESA-2004-003.txt). Look
at the attached image, it kills ee on my 7.3.
The patch in the RedHat bug is for .13, but seems to fix stuff present in .14 too.
Then there is this Fedora bug with patches provided by Pavel Kankovsky. The patch for .14 seems to be mainly the same as we have in portage atm, but someone might want to check out the patches for .13, which seem to patch stuff present in .14 too.
gnome team, please verify, advise and apply patches if appropriate
patches can be found in the two bug reports mentioned in the above comments
Could not reproduce this, but I don't know what really makes use of imlib...
gnome1 apps probably.
>Could not reproduce this, but I don't know what really makes use of imlib...
>gnome1 apps probably.
a wide range of apps does:
I have added imlib-1.9.14-r3 to cvs (with the patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138516). That combined with our patch takes care of the overflow issues. Archs, please test and mark stable.
stable on amd64
stable on ppc
stable on ppc64
err, didn't mean to close
Stable for sparc.
Stable on alpha.
stable on mips