#2697: Imlib2-1.4.2 and BLFS-6.3.
-------------------------------------+--------------------------------------
Reporter: a...@… | Owner: blfs-b...@…
Type: task | Status: new
Priority: high | Milestone: 6.4
Component: BOOK | Version: SVN
Severity: major | Keywords:
-------------------------------------+--------------------------------------
BLFS-6.3 release shipped with a vulnerable version of Imlib2.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2426
https://bugzilla.redhat.com/show_bug.cgi?id=449073#c4
http://bugs.gentoo.org/223965
The solution was either to upgrade to 1.4.1 or to apply the patch listed
in Fedora's bug report or to this direct link from Gentoo:
http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/media-libs/imlib2/files/imlib2-1.4.0-CVE-2008-2426.patch
This would be a perfect candidate for errata, but (unfortunately) another
vulnerability was discovered recently by Julien Danjou (author of the awesome
window manager), see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187
This was addressed by upstream.
http://trac.enlightenment.org/e/ticket/136
and the fix, here:
http://trac.enlightenment.org/e/changeset/37744
We can handle the update for the development BLFS, but what about the
stable book?
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2697>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch