Bug 467838 (CVE-2008-6079)
| Summary: | CVE-2008-6079 imlib2: New upstream release 1.4.2 contains security updates | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Hans de Goede <hdegoede> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | andreas.bierfert, jlieskov, tsmetana |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://sourceforge.net/project/shownotes.php?release_id=634778 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-11-12 07:18:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Hans de Goede
2008-10-21 07:44:18 UTC
(In reply to comment #0) > As the previous maintainer of imlib2 I'm subscribed to imlib2 releases (through > the subscribe to new release feature of sourceforge). > > As such I was attented to a new imlib2 release done today: 1.4.2: > http://sourceforge.net/project/showfiles.php?group_id=2&release_id=634778 > > I will unsubscribe from those releases now, I can advise you to subscribe :) Thank you. I've already subscribed. I will probably wait for the new devel (F-11) branch because I think too late to rebase imlib2 in F-10. (In reply to comment #1) > Thank you. I've already subscribed. I will probably wait for the new devel > (F-11) branch because I think too late to rebase imlib2 in F-10. Nope, better update now and also put updates in updates-testing for F-9 and F-8, quoting the (very verbose) release notes: "Notes: Various bugfixes and security updates" Note the *security updates*, also this is a minor release, so chances for regressions should be low. OK. Will do. Thanks again. imlib2-1.4.2-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/imlib2-1.4.2-1.fc9 imlib2-1.4.2-1.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/imlib2-1.4.2-1.fc8 imlib2-1.4.2-1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update imlib2'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-9120 imlib2-1.4.2-1.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update imlib2'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-9174 imlib2-1.4.2-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. imlib2-1.4.2-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. Common Vulnerabilities and Exposures assigned an identifier CVE-2008-6079 to the following vulnerability: Multiple unspecified vulnerabilities in imlib2 before 1.4.2 have unknown impact and attack vectors. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6079 http://sourceforge.net/project/shownotes.php?release_id=634778 http://www.securityfocus.com/bid/31880 http://www.frsirt.com/english/advisories/2008/2898 http://secunia.com/advisories/32354 |