479384 – lcms: multiple security flaws [EPEL-4]

Bug 479384 - lcms: multiple security flaws [EPEL-4]

Summary: lcms: multiple security flaws [EPEL-4]

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	lcms
Sub Component:
Version:	el4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Andreas Bierfert
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	ActualBug
Depends On:
Blocks:	CVE-2008-5316 CVE-2008-5317
TreeView+	depends on / blocked

Reported:	2009-01-09 08:47 UTC by Tomas Hoger
Modified:	2012-03-01 20:02 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-03-01 20:02:17 UTC
Type:	---
Embargoed:

Attachments	(Terms of Use)

Description Tomas Hoger 2009-01-09 08:47:05 UTC

Description of problem:
Version of lcms as shipped in EPEL4 (lcms version 1.15) is affected by two security flaws:

CVE-2008-5316 lcms: insufficient input validation in ReadEmbeddedTextTag
CVE-2008-5317 lcms: unsigned -> signed integer cast issue in cmsAllocGamma

Additional info:
See parent bugs ("Blocks" BZ field) for further details and patches.

Comment 1 Kevin Fenzi 2012-03-01 20:02:17 UTC

EPEL-4 has reached end of life and is no longer supported. 

Please retest your bug against EPEL-5 or EPEL-6 and re-open if the bug persists in the packages available in those releases, or file a new bug. 

See: http://lists.fedoraproject.org/pipermail/epel-announce/2012-February/000015.html

Note You need to log in before you can comment on or make changes to this bug.