Red Hat Bugzilla – Bug 212696
CVE-2006-4513: multiple integer overflows in wv < 1.2.3
Last modified: 2007-11-30 17:11:46 EST
Multiple integer overflows in wv < 1.2.3:
All FE versions seem affected.
Updated to 1.2.4 for FC-5, FC-6 and devel
FC-4 seems to have been updated too, but build failed, libgsf-devel >= 1.11.2
not found: http://buildsys.fedoraproject.org/build-status/job.psp?uid=20439
I don't see a devel build either in the failed or succeeded build lists.
Devel build re-requested.
wv really needs libgsf >= 1.13.0 (in version 1.2.3 too), and this does not exist
in FC-4. What should I do ?
Perhaps take a look if the fixes are easy to backport as a patch to an older
wv version instead of upgrading it?
If not, or if you're not (that) interested in FC-4 any more, I'd suggest
reverting the upgrade to 1.2.4 in the FC-4 branch in order to provide a clean
table for someone else who might be interested in taking a look at fixing it
for legacy distro version(s).
OK, the patch applies fine on version 1.0.3 and it builds fine. However, I have
no FC-4 system to test it on. Since it seems to be a small patch, I've requested
the build nevertheless.