Bug 212696 - (CVE-2006-4513) CVE-2006-4513: multiple integer overflows in wv < 1.2.3
CVE-2006-4513: multiple integer overflows in wv < 1.2.3
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: wv (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Aurelien Bompard
Fedora Extras Quality Assurance
http://nvd.nist.gov/nvd.cfm?cvename=C...
: Reopened, Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-28 02:16 EDT by Ville Skyttä
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-29 13:09:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ville Skyttä 2006-10-28 02:16:08 EDT
Multiple integer overflows in wv < 1.2.3: 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513

All FE versions seem affected.
Comment 1 Aurelien Bompard 2006-10-28 12:57:01 EDT
Updated to 1.2.4 for FC-5, FC-6 and devel
Comment 2 Ville Skyttä 2006-10-28 16:15:44 EDT
FC-4 seems to have been updated too, but build failed, libgsf-devel >= 1.11.2 
not found: http://buildsys.fedoraproject.org/build-status/job.psp?uid=20439

I don't see a devel build either in the failed or succeeded build lists.
Comment 3 Aurelien Bompard 2006-10-29 02:04:48 EST
Devel build re-requested.
wv really needs libgsf >= 1.13.0 (in version 1.2.3 too), and this does not exist
in FC-4. What should I do ?
Comment 4 Ville Skyttä 2006-10-29 04:26:10 EST
Perhaps take a look if the fixes are easy to backport as a patch to an older 
wv version instead of upgrading it?

If not, or if you're not (that) interested in FC-4 any more, I'd suggest 
reverting the upgrade to 1.2.4 in the FC-4 branch in order to provide a clean 
table for someone else who might be interested in taking a look at fixing it 
for legacy distro version(s).
Comment 5 Aurelien Bompard 2006-10-29 13:09:23 EST
OK, the patch applies fine on version 1.0.3 and it builds fine. However, I have
no FC-4 system to test it on. Since it seems to be a small patch, I've requested
the build nevertheless.

Note You need to log in before you can comment on or make changes to this bug.