|Summary:||CVE-2006-4513: multiple integer overflows in wv < 1.2.3|
|Product:||[Fedora] Fedora||Reporter:||Ville Skyttä <scop>|
|Component:||wv||Assignee:||Aurelien Bompard <gauret>|
|Status:||CLOSED NEXTRELEASE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Target Milestone:||---||Keywords:||Reopened, Security|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2006-10-29 18:09:23 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Ville Skyttä 2006-10-28 06:16:08 UTC
Multiple integer overflows in wv < 1.2.3: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513 All FE versions seem affected.
Comment 1 Aurelien Bompard 2006-10-28 16:57:01 UTC
Updated to 1.2.4 for FC-5, FC-6 and devel
Comment 2 Ville Skyttä 2006-10-28 20:15:44 UTC
FC-4 seems to have been updated too, but build failed, libgsf-devel >= 1.11.2 not found: http://buildsys.fedoraproject.org/build-status/job.psp?uid=20439 I don't see a devel build either in the failed or succeeded build lists.
Comment 3 Aurelien Bompard 2006-10-29 07:04:48 UTC
Devel build re-requested. wv really needs libgsf >= 1.13.0 (in version 1.2.3 too), and this does not exist in FC-4. What should I do ?
Comment 4 Ville Skyttä 2006-10-29 09:26:10 UTC
Perhaps take a look if the fixes are easy to backport as a patch to an older wv version instead of upgrading it? If not, or if you're not (that) interested in FC-4 any more, I'd suggest reverting the upgrade to 1.2.4 in the FC-4 branch in order to provide a clean table for someone else who might be interested in taking a look at fixing it for legacy distro version(s).
Comment 5 Aurelien Bompard 2006-10-29 18:09:23 UTC
OK, the patch applies fine on version 1.0.3 and it builds fine. However, I have no FC-4 system to test it on. Since it seems to be a small patch, I've requested the build nevertheless.