Bug 138522 - CAN-2004-1025 Multiple imlib issues. (CAN-2004-1026)
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: imlib
Version: 5
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Matthias Clasen
QA Contact:
URL:
Whiteboard: impact=moderate,public=20040916
Depends On:
Blocks:
Reported: 2004-11-09 19:15 UTC by Josh Bressers
Modified: 2007-12-18 15:27 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-12-18 15:27:26 UTC



Description Josh Bressers 2004-11-09 19:15:46 UTC
Pavel Kankovsky of the Fedora Legacy project has reported multiple
issues in imlib.  This patch fixes a number of issues, the bulk of them
being integer overflows.

See bug 138516 for more information.

I believe this issue also affects FC2 as well.

Comment 1 Jonathan Blandford 2004-11-23 18:26:16 UTC
Built a package for these

Comment 2 Marius Andreiana 2005-08-20 06:36:21 UTC
Updates released for RH
http://www.linuxcompatible.org/RHSA-2004651-01_Updated_imlib_packages_fix_security_vulnerabilities_s38502.html

No updates for FC3:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/

FC4 includes fix.

As this is quite old, leaving to Jonathan's decision if there will be any updates
or just mark WONTFIX for FC3.

Comment 3 Marius Andreiana 2005-08-20 06:37:20 UTC
I mean Matthias, who is the bug owner.

Comment 4 Paul Howarth 2007-04-10 17:13:58 UTC
The test pixmap from Bug #138516 crashes qiv (an imlib-based image viewer) on
FC4 so it appears that Comment #2 is wrong about FC4 including a fix.

Whilst FC4 is no longer maintained, I believe FC5 is still vulnerable (I don't
have an FC5 box to test this). For FC6 onwards, imlib moved to Extras, where
this issue is recorded in Bug #235416.

Comment 5 Tomas Hoger 2007-12-18 15:27:26 UTC
Fix is included in current Fedora imlib packages:

* Tue Apr 10 2007 Paul Howarth <paul@city-fan.org> 1:1.9.15-2
- add patch for CVE-2004-1025, CVE-2004-1026 (integer/buffer overflows)
  (#235416)

Fedora Core 5 is no longer maintained.  Closing this bug.

