Description of problem: Version of lcms as shipped in EPEL4 (lcms version 1.15) is affected by two security flaws: CVE-2008-5316 lcms: insufficient input validation in ReadEmbeddedTextTag CVE-2008-5317 lcms: unsigned -> signed integer cast issue in cmsAllocGamma Additional info: See parent bugs ("Blocks" BZ field) for further details and patches.
EPEL-4 has reached end of life and is no longer supported. Please retest your bug against EPEL-5 or EPEL-6 and re-open if the bug persists in the packages available in those releases, or file a new bug. See: http://lists.fedoraproject.org/pipermail/epel-announce/2012-February/000015.html