Bug 479384 - lcms: multiple security flaws [EPEL-4]
Summary: lcms: multiple security flaws [EPEL-4]
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: lcms
Version: el4
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Andreas Bierfert
QA Contact: Fedora Extras Quality Assurance
Whiteboard: ActualBug
Depends On:
Blocks: CVE-2008-5316 CVE-2008-5317
TreeView+ depends on / blocked
Reported: 2009-01-09 08:47 UTC by Tomas Hoger
Modified: 2012-03-01 20:02 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-03-01 20:02:17 UTC
Type: ---

Attachments (Terms of Use)

Description Tomas Hoger 2009-01-09 08:47:05 UTC
Description of problem:
Version of lcms as shipped in EPEL4 (lcms version 1.15) is affected by two security flaws:

CVE-2008-5316 lcms: insufficient input validation in ReadEmbeddedTextTag
CVE-2008-5317 lcms: unsigned -> signed integer cast issue in cmsAllocGamma

Additional info:
See parent bugs ("Blocks" BZ field) for further details and patches.

Comment 1 Kevin Fenzi 2012-03-01 20:02:17 UTC
EPEL-4 has reached end of life and is no longer supported. 

Please retest your bug against EPEL-5 or EPEL-6 and re-open if the bug persists in the packages available in those releases, or file a new bug. 

See: http://lists.fedoraproject.org/pipermail/epel-announce/2012-February/000015.html

Note You need to log in before you can comment on or make changes to this bug.