542412 – bug in lcms-CVE-2009-0793.patch

Bug 542412 - bug in lcms-CVE-2009-0793.patch

Summary: bug in lcms-CVE-2009-0793.patch

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	lcms
Sub Component:
Version:	12
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Andreas Bierfert
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-11-29 18:16 UTC by Edward Sheldrake
Modified:	2010-02-20 00:28 UTC (History)
CC List:	2 users (show)
Fixed In Version:	lcms-1.19-1.fc11
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-02-20 00:08:32 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Edward Sheldrake 2009-11-29 18:16:08 UTC

Description of problem:
The first NULL pointer check in lcms-CVE-2009-0793.patch is in the wrong place, it's after the pointer is dereferenced.

Version-Release number of selected component (if applicable):
lcms-1.18-3.fc12

Additional info:
lcms 1.19 was released recently which has that NULL pointer check in the correct location.

Comment 1 Nicolas Chauvet (kwizart) 2009-11-30 22:08:35 UTC

There is no advices from lcms upsteam about this CVE yet.

lcms 1.19 has been updated in Rawhide...

Comment 2 Nicolas Chauvet (kwizart) 2010-01-28 23:13:37 UTC

I have missunderstood the report...

Comment 3 Fedora Update System 2010-01-28 23:15:16 UTC

lcms-1.19-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/lcms-1.19-1.fc12

Comment 4 Fedora Update System 2010-01-28 23:16:52 UTC

lcms-1.19-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/lcms-1.19-1.fc11

Comment 5 Fedora Update System 2010-02-01 01:11:53 UTC

lcms-1.19-1.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update lcms'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2010-1268

Comment 6 Fedora Update System 2010-02-01 01:15:51 UTC

lcms-1.19-1.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update lcms'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-1274

Comment 7 Fedora Update System 2010-02-20 00:08:27 UTC

lcms-1.19-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2010-02-20 00:27:57 UTC

lcms-1.19-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.