Bug 153990
Summary: | libXpm CAN-2005-0605 | ||
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | Dominic Hargreaves <dom> |
Component: | XFree86 | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED DUPLICATE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bugzilla.redhat, deisenst, pekkas, xgl-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-02-16 05:16:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dominic Hargreaves
2005-04-06 14:34:13 UTC
See #152923. I wonder which is the right place to track this. Is Fedora Legacy project going to actually include this fix, or can we just close the bug report "WONTFIX" with explanation to upgrade to FC4? I have opened bug 168264 for the CAN-2005-2495 multiple integer overflows issue. I suggest we close this bug as a DUPLICATE of bug 168264, so we can work on both XFree86 issues there. Updated RHEL packages have been issued that fix both CVE's, as is detailed there. CAN-2005-0665 is for the program /usr/X11R6/bin/xv, which is part of the xv-3.10a-23.i386.rpm (from xv-3.10a-23.src.rpm) package. The latest version of this package was supplied as part of the Powertools of Red Hat Linux 7.0, and appears to have never been distributed in any later Red Hat or Fedora Core distribution. Therefore CAN-2005-0665 is not an issue that Fedora Legacy will deal with. CAN-2005-0639 is a bug for xli / xloadimage *package), and is not a bug in XFree86/Xorg. Removing this CVE from the title. CAN-2005-0605 is being handled in Bug 168264. Closing this bug as a DUPE. *** This bug has been marked as a duplicate of 168264 *** |