Multiple security issues were addressed in the imlib2-1.4.7 version. Original bug report: http://seclists.org/oss-sec/2016/q1/162 CVE assignment: http://seclists.org/oss-sec/2016/q1/182 Upstream git patches: CVE-2014-9762, segmentation fault on images without colormap: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=39641e74a560982fbf93f29bf96b37d27803cb56 CVE-2014-9763, divison-by-zero crash: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=c21beaf1780cf3ca291735ae7d58a3dde63277a2 CVE-2014-9764, segmentation fault when opening specifically crafted input: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=1f9b0b32728803a1578e658cd0955df773e34f49
Created imlib2 tracking bugs for this issue: Affects: fedora-all [bug 1301615] Affects: epel-6 [bug 1301616] Affects: epel-7 [bug 1301617]
There is no ABI incompatibility between 1.4.6 and 1.4.7 so it should be OK to rebase.
imlib2-1.4.7-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
imlib2-1.4.7-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.