Description of problem: The first NULL pointer check in lcms-CVE-2009-0793.patch is in the wrong place, it's after the pointer is dereferenced. Version-Release number of selected component (if applicable): lcms-1.18-3.fc12 Additional info: lcms 1.19 was released recently which has that NULL pointer check in the correct location.
There is no advices from lcms upsteam about this CVE yet. lcms 1.19 has been updated in Rawhide...
I have missunderstood the report...
lcms-1.19-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/lcms-1.19-1.fc12
lcms-1.19-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/lcms-1.19-1.fc11
lcms-1.19-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update lcms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2010-1268
lcms-1.19-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update lcms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-1274
lcms-1.19-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
lcms-1.19-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.