Bug 152803
| Summary: | CAN-2004-0687,0688,0914, CAN-2005-0605 - lesstiff integer overflows in libXpm | ||
|---|---|---|---|
| Product: | [Retired] Fedora Legacy | Reporter: | Marc Deslauriers <marc.deslauriers> |
| Component: | lesstif | Assignee: | Fedora Legacy Bugs <bugs> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bressers, pekkas, rob.myers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688 | ||
| Whiteboard: | 1, 2, LEGACY, rh73, rh90 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-01-10 01:19:05 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
David Lawrence
2005-03-30 23:28:01 UTC
I'll mark RHL9 verified so we can move on with this unless others found problems with it.. I fear we need new packages for the new issues, see #135081.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated packages for rh73, rh9 and fc1: b7c53a00054b1d9fa2c8d36c3e88c014ba2a74ea 7.3/lesstif-0.93.18-2.3.legacy.i386.rpm 470a3ff220ba45d43c9a194860569a4f9523ab25 7.3/lesstif-0.93.18-2.3.legacy.src.rpm 76c8731e647cd5f66b2a58fa884e27375f25036f 7.3/lesstif-devel-0.93.18-2.3.legacy.i386.rpm 45360ee96607102354140aa6018c9a5eedd18f4e 9/lesstif-0.93.36-3.3.legacy.i386.rpm 363af3ebc117eb7ccb15348d780add61cffcffb5 9/lesstif-0.93.36-3.3.legacy.src.rpm 7c9a53409515303e92848204fd2629c837eb16b7 9/lesstif-devel-0.93.36-3.3.legacy.i386.rpm d63c5060121f6624370ad52d9d19c1c4ca683361 1/lesstif-0.93.36-4.3.legacy.i386.rpm 0b3aea406881dd78a610f53c84cf74237d6efa0b 1/lesstif-0.93.36-4.3.legacy.src.rpm a9b8c617d1e99ffa76b1b34821d50af9b9aa73f4 1/lesstif-devel-0.93.36-4.3.legacy.i386.rpm Changelog: * Wed Jul 27 2005 Marc Deslauriers <marcdeslauriers> 0.93.36-4.3.legacy - - Use the RHEL patches for CAN-2004-0667, CAN-2004-0668 and CAN-2004-0914 - - fixed possible libXpm overflows (CAN-2005-0605) http://www.infostrategique.com/linuxrpms/legacy/7.3/lesstif-0.93.18-2.3.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/9/lesstif-0.93.36-3.3.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/1/lesstif-0.93.36-4.3.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC6BDULMAs/0C4zNoRAlzLAKCDw84u6KH/Qw8ebYSX57mrcXbjqACggM3V LD/lOWY//oDHxvVeo+0GQso= =uZb4 -----END PGP SIGNATURE----- I'll also move the tracking of FC2 here.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA w/ rpm-build-compare.sh: - spec file changes minimal - source integrity good - patches identical to RHEL21 +PUBLISH RHL73, RHL9, FC1 470a3ff220ba45d43c9a194860569a4f9523ab25 lesstif-0.93.18-2.3.legacy.src.rpm 363af3ebc117eb7ccb15348d780add61cffcffb5 lesstif-0.93.36-3.3.legacy.src.rpm 0b3aea406881dd78a610f53c84cf74237d6efa0b lesstif-0.93.36-4.3.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFC6HnsGHbTkzxSL7QRAqUZAKCGa8VJEXEbq07UCKAu5qOgZE2jtQCfYv0R bg9JYH5WClD60H03o7vp9j4= =2Iwk -----END PGP SIGNATURE----- *** Bug 135081 has been marked as a duplicate of this bug. *** Packages were pushed to updates-testing. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
++VERIFY for RHL 9
Package: lesstif-0.93.36-3.3.legacy.i386.rpm
SHA1 checksum a4a8e6e888234cb0751800c181430db4c7b524e6 verifies okay.
Package: lesstif-devel-0.93.36-3.3.legacy.i386.rpm
SHA1 checksum 0804ad3304bf12be7f1ab71a463e980f4ea17975 verifies okay.
Both packages installed fine. Tested some programs which depend on
lesstif and all seem to work fine.
Vote for release for RHL 9 ++VERIFY
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFDfjh54jZRbknHoPIRAi+tAJ0ZHYyA1oIQokC/16VHq4kbIdW+wgCgovXx
Dkd48qwqJc0zlHu+QRUnKgQ=
=1ltH
-----END PGP SIGNATURE-----
Thanks! Timeout over. Packages were released to updates. |