Bug 190324 (CVE-2006-1900)

Summary: CVE-2006-1900 multiple buffer overflows in amaya
Product: [Fedora] Fedora Reporter: Ville Skyttä <scop>
Component: amayaAssignee: Aurelien Bompard <gauret>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 5CC: extras-qa
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-05-01 08:39:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ville Skyttä 2006-05-01 07:43:47 UTC 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1900

All FE branches affected, should be fixed in upstream 9.5+.  Interestingly,
%changelog of the FE amaya package says:

* Thu Apr 13 2006 Aurelien Bompard <gauret[AT]free.fr> 9.4-1
- upgrade to 9.5 to fix vulnerability

But the packages are still at 9.4.
Comment 1 Aurelien Bompard 2006-05-01 08:38:21 UTC 
/me is stupid, I forgot to update the version tag (but the tarball is version 9.5)
Fixed, and build requested for devel, FC-5 and FC-4
Comment 2 Ville Skyttä 2006-05-01 08:54:17 UTC 
Ah, ok.  By the way, 9.51 is out (which will probably cause Epoch bump needs
later: 9.4 < 9.5 < 9.51 > 9.6, so one could consider using 9.5.1 as the version
number if that update is ever put to the repo).
Comment 3 Aurelien Bompard 2006-05-01 08:58:32 UTC 
I orphaned this package since september 2005, so I'm going to update it for
security reasons, but that's all.