Bug 479016 - Rebase netpbm package for RHEL4
Summary: Rebase netpbm package for RHEL4
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: netpbm
Version: 4.7
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
Assignee: Jindrich Novy
QA Contact: BaseOS QE
URL:
Whiteboard:
Keywords: Rebase
Duplicates: 476863
Depends On:
Blocks: RHEL4u8_relnotes 476863
 
Reported: 2009-01-06 15:26 UTC by Petr Šplíchal
Modified: 2016-06-01 01:37 UTC

The netpbm package has been updated to fix the following bugs:  

* Several utilities shipped with netpbm did not accept files from standard input even though this method was in accordance with documentation. With this update, this issue has been resolved.

* Several utilities shipped with netpbm may have crashed during processing of image files. With this update, this issue has been resolved.
Clone Of:
Last Closed: 2009-05-18 20:21:30 UTC


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:0990 normal SHIPPED_LIVE netpbm bug fix update 2009-05-18 13:50:08 UTC

Description Petr Šplíchal 2009-01-06 15:26:43 UTC
Recent testing discovered quite a few failing tools in the netpbm package on RHEL4. We should rebase to the latest version to cover all these issues.
For more details see bug 476863 and Fedora bug 476989.

Comment 1 Jindrich Novy 2009-01-07 13:07:38 UTC
+1 for it.

The old netpbm contains old and vulnerable libjasper. Given that a lot of work
has been done upstream with regard to implementing a secure API for safe
allocations, and lots of utilities were updated to use the secure API, I'm all
for the rebase.

On the other hand, upstream changed release policy and we get netpbm from their
stable branch, not the latest one. So the rebase could be safe with minimal
regression risk.

Comment 2 RHEL Product and Program Management 2009-01-08 08:07:39 UTC
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 6 Jindrich Novy 2009-01-14 18:13:58 UTC
*** Bug 476863 has been marked as a duplicate of this bug. ***

Comment 9 Radek Vokal 2009-01-22 08:59:49 UTC
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code with both usage and security consequences.

Utilities that convert from and to JPEG2000 image format contained code causing these utilities to crash when processing a malicious file. These
utilities are fixed by the update.

GIF image format converting utility may crash while processing a crafted image. This utility is now fixed.

Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed.

Several utilities crash during processing of image files because of faulty code. These utilities are now fixed.

Comment 14 Murray McAllister 2009-03-24 23:56:12 UTC
Release note updated. If any revisions are required, please set the 
"requires_release_notes"  flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1,9 +1,4 @@
-Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code with both usage and security consequences.
-
-Utilities that convert from and to JPEG2000 image format contained code causing these utilities to crash when processing a malicious file. These
-utilities are fixed by the update.
-
-GIF image format converting utility may crash while processing a crafted image. This utility is now fixed.
+Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code.
 
 Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed.
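
Review bot: Security context is lost in the replacement first line: "with both usage and security consequences" is dropped, and the JPEG2000 and GIF paragraphs about crashes on a malicious or crafted file are removed with nothing in their place, so the note no longer tells an administrator that untrusted image input was involved. If those fixes are described in another document, reference it here; otherwise keep one sentence stating that some of the crashes were triggered by crafted files. The added line also keeps the agreement error "Multiple issues has been found".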

Comment 15 Murray McAllister 2009-03-24 23:58:35 UTC
Release note updated. If any revisions are required, please set the 
"requires_release_notes"  flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1,4 +1,4 @@
-Multiple issues has been found in netpbm version currently shipped. It contains conversion utilities with faulty code.
+Multiple issues have been found in netpbm version currently shipped. It contains conversion utilities with faulty code.
 
 Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed.
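
Review bot: The corrected first line still reads "in netpbm version currently shipped" without an article; "in the netpbm version currently shipped" would read correctly, and since this hunk is only a grammar pass it can go in the same change.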

Comment 17 Ryan Lerch 2009-03-26 23:36:07 UTC
Release note updated. If any revisions are required, please set the 
"requires_release_notes"  flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1,5 +1,5 @@
-Multiple issues have been found in netpbm version currently shipped. It contains conversion utilities with faulty code.
+The netpbm package has been updated to fix the following bugs:  
 
-Several utilities did not accept files from standard input even though this method was in accordance with documentation. These utilities are now fixed.
+* Several utilities shipped with netpbm did not accept files from standard input even though this method was in accordance with documentation. With this update, this issue has been resolved.
 
-Several utilities crash during processing of image files because of faulty code. These utilities are now fixed.+* Several utilities shipped with netpbm may have crashed during processing of image files. With this update, this issue has been resolved.
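
Review bot: The second bullet, "may have crashed during processing of image files", is less specific than the line it replaces and names neither the utilities nor the kind of input, so a reader cannot tell whether they are affected; name the affected utilities or state what input triggers the crash. The added first line also ends in two trailing spaces, and the last removed and added lines are run together ("now fixed.+* Several"), which suggests the note text has no newline at its end.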

Comment 20 errata-xmlrpc 2009-05-18 20:21:30 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0990.html

