CAN-2005-0605 Probably Affects: FC2 CAN-2005-0605 Probably Affects: FC3 +++ This bug was initially created as a clone of Bug #151639 +++ A potential buffer overflow from the use of unsigned integers has been found in the XPM processing library of xorg. https://bugs.freedesktop.org/show_bug.cgi?id=1920 Probably affects RHEL2.1 (not verified)
From User-Agent: XML-RPC ntp-4.2.0.a.20040617-5.FC3 has been pushed for FC3, which should resolve this issue. If these issues are still present in this version, then please re-open this bug.
From User-Agent: XML-RPC subversion-1.2.3-2.1 has been pushed for FC4, which should resolve this issue. If these issues are still present in this version, then please re-open this bug.
From User-Agent: XML-RPC lesstif-0.93-36-6.FC3.2 has been pushed for FC3, which should resolve this issue. If these issues are still present in this version, then please re-open this bug.
lesstif-0.93-36-6.FC3.2 source rpm indeed includes patch4 and patch5 which should close issues, and %changelog indeed claims so, but in %setup section of lesstif.spec these two patches are _not_ applied.
Michal, you work with Fedora Legacy, don't you? Since you've been in the source rpm, have you fixed that issue for your own system(s)? Would you like to submit a fixed .src.rpm for review so fixed packages can be released?
As it happens I do not any FC3 installation with lesstif installed and I do not have any packages which would directly fit elsewhere as well. I looked at source rpm for other reasons. With FC3 that fix is trivial. One needs to add in specs two missing '%patch ...' lines to apply existing patches and recompile. Other distributions are likely affected as well. These can be fixed by recompiling there the same sources although this will likely cause inconsequential version changes.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have created the following SRPM for lesstif: fc3: 162f165889b931a6e8f0d66a02fab82d4b0ec308 http://lance.maner.org/lesstif-0.93.36-6.FC3.3.legacy.src.rpm * Fri May 12 2006 Donald Maner <donjr> 0.93.36-6.FC3.3-legacy - add patches 4 and 5 to actually compile fixes for libXpm (#151640) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFEZN93pxMPKJzn2lIRAv2tAJ9/JRSPjLqRpS1TMYmqzWM5OxIbtwCcDtWq 7tkrKytMPfBi9NqdtOevHRw= =3Q9s -----END PGP SIGNATURE-----
Thanks for submitting the .src.rpm, Donald! -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Source QA for lesstif-0.93.36-6.FC3.3.legacy: 162f165889b931a6e8f0d66a02fab82d4b0ec308__lesstif-0.93.36-6.FC3.3.legacy.src.rpm - - sha1sums match QA w/ rpm-build-compare.sh: - - source integrity is good - - spec file changes minimal - - patches come from previous package where they were not applied. +PUBLISH FC3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFEZnEvxou1V/j9XZwRApffAJ94sCLfz8N/S2/0keLilNxhW/Xt6gCg82gd QRTKSrNKhP55/tIA2S82Zo4= =L6+a -----END PGP SIGNATURE-----
Created attachment 130648 [details] Proposed updates-testing announcement Packages are built on the build-server. They need to be signed and pushed to updates-testing. Enclosed is the proposed announcement, which needs to have sha1sums added. Hope this helps.
QA_READY has been deprecated in favor of ON_QA. Please use ON_QA in the future. Moving to ON_QA.
Fedora Core 3 is now completely unmaintained. These bugs can't be fixed in that version. If the issue still persists in current Fedora Core, please reopen. Thank you, and sorry about this.