Pavel Kankovsky of the fedora legacy project has reported multiple
issues in imlib. This patch fixes a number of issue, the bulk of them
being integer overflows.
See bug 138516 for more information.
I believe this issue also affects FC2 as well.
Built a package for these
Updates released for RH
No updates for FC3:
FC4 includes fix.
As this is quite old, leaving to Jonathan decision if there will be any updates
or just mark WONTFIX for fc3.
I mean Matthias, who is the bug owner.
The test pixmap from Bug #138516 crashes qiv (an imlib-based image viewer) on
FC4 so it appears that Comment #2 is wrong about FC4 including a fix.
Whilst FC4 is no longer maintained, I believe FC5 is still vulnerable (I don't
have an FC5 box to test this). For FC6 onwards, imlib moved to Extras, where
this issue is recorded in Bug #235416.
Fix is included in current Fedora imlib packages:
* Tue Apr 10 2007 Paul Howarth <firstname.lastname@example.org> 1:1.9.15-2
- add patch for CVE-2004-1025, CVE-2004-1026 (integer/buffer overflows)
Fedora Core 5 is no longer maintained. Closing this bug.