Bug 135081
Summary: | CAN-2004-0688 integer overflows in libXpm (CAN-2004-0914) | | |
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | Josh Bressers <bressers> |
Component: | lesstif | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED DUPLICATE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | fc2 | CC: | mattdm, mjc, pekkas |
Target Milestone: | --- | Keywords: | Security |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | LEGACY, 2, needsbuild | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Last Closed: | 2005-07-28 06:25:24 UTC | Type: | --- |
Bug Blocks: | 430515, 430516 | | |
Description
Josh Bressers
2004-10-08 15:03:11 UTC
Also see CAN-2004-0914 additional issues which were embargoed until Nov 17

[Bulk move of FC2 bugs to Fedora Legacy. See <http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00020.html>.]

This was fixed for other FL releases in bug 152803. We need FC2 packages now.

The fix was apparently committed to Fedora CVS, but was never released:
http://cvs.fedora.redhat.com/viewcvs/rpms/lesstif/FC-2/lesstif.spec?rev=1.14&view=auto

lesstif-0.93.15-4.AS21.5.src.rpm, which is a version from https://rhn.redhat.com/errata/RHSA-2005-473.html has patches for CAN-2004-0687, CAN-2004-0688, CAN-2004-0914 and CAN-2005-0605.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages for fc2:

c0c5a26f9366488129f88bb96dde2b50403ccf63 lesstif-0.93.36-5.3.legacy.i386.rpm
d5468d178f9d2dd00b4df62345ac3c62a82a7a27 lesstif-0.93.36-5.3.legacy.src.rpm
b31a31b82e32adf6f32cc4504dfc4ed5f5d76a59 lesstif-devel-0.93.36-5.3.legacy.i386.rpm

Changelog:

* Tue Jul 26 2005 Marc Deslauriers <marcdeslauriers> 0.93.36-5.3.legacy
- - fixed possible libXpm overflows (CAN-2005-0605)
- - allow to write XPM files with absolute path names again

* Fri Nov 26 2004 Thomas Woerner <twoerner> 0.93.36-6.FC2.1
- - fixed CAN-2004-0687 (integer overflows) and CAN-2004-0688 (stack overflows) in embedded Xpm library (#135080)
- - latest Xpm patches: CAN-2004-0914 (#135081)

http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-0.93.36-5.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-0.93.36-5.3.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-devel-0.93.36-5.3.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC5rtwLMAs/0C4zNoRAgB5AKCKCvi25sHR45Sz3YRM6QyYAnaQkACfV+Dz
hLYMN+U9oWViKWA7lEcf6g0=
=i5Zm
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh:
- spec file changes minimal
- source integrity good
- patches verified to come from FC2 CVS and RHEL21 lesstif update

However, I'd like to get the latter two changes made to RHL73, RHL9, and FC1 as well. Could you respin the packages in #152803 and I'll give them a publish? (We could then continue to track this under a single PR.)

+PUBLISH FC2

d5468d178f9d2dd00b4df62345ac3c62a82a7a27 lesstif-0.93.36-5.3.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFC5yACGHbTkzxSL7QRAkkYAKDJmsOUtQFFmJO+wIADn5QUKLZBfgCcDK/Z
VvLodGNHVHvi/C50FQnhzk8=
=y4Bw
-----END PGP SIGNATURE-----