Bug 214676

Summary: CVE-2006-480[6-9] imlib2 multiple vulnerabilities
Product: [Fedora] Fedora Reporter: Ville Skyttä <scop>
Component: imlib2Assignee: Hans de Goede <hdegoede>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 6CC: extras-qa, fedora-security-list
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-11-09 10:33:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ville Skyttä 2006-11-08 20:39:06 UTC 
Multiple vulnerabilities in imlib2:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4807
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4808
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4809

Some of the reports mention "before 1.2.1", but at least some of the issues seem
to be present in 1.2.2 and 1.3.0 too.

FreeBSD's patches (apparently originally from Ubuntu) for these issues are
available at http://www.freebsd.org/cgi/cvsweb.cgi/ports/graphics/imlib2/files/
Comment 1 Hans de Goede 2006-11-09 10:33:32 UTC 
Thanks for reporting this. I've pushed imlib2 updates for FC-3 - FC-6 and devel
and I'll start writing an advisory right away.