Mike Frysinger wrote: > On Saturday 14 June 2008, Hans de Goede wrote: >> Mike Frysinger wrote: >>> On Thursday 12 June 2008, Hans de Goede wrote: >>>> Some time ago there was a bunch of security advisories for various >>>> imlib2 image loaders. Some of the fixes which were circulating then >>>> never seem to have been applied to imlib2, the attached patch includes >>>> these fixes. >>> i'm pretty sure these were posted & rejected and things were fixed >>> another way >> It would be prudent to check again, I've been carying this patch for >> some time (should have submitted it earlier, sorry) and one of the 2 >> security issues that were fixed in 1.4.1, was already fixed in the >> Fedora packages through this patch (I removed this part of the patch >> before sumitting it). > > you'd have to document/elaborate on what each change fixes exactly
I didn't write those patches, as you said you've already seen them, they are the result from a previous audit of imlibs loaders. You claim all issues from thisn patch set have been fixed, I content that as one of the 2 security issues fixed in the latest imlib2 release was already fixed in this patch set, see: http://cvs.fedoraproject.org/viewcvs/rpms/imlib2/F-9/imlib2-1.3.0-loader_overflows.patch?rev=1.2 Which is this patch against 1.4.0 and notice how it already has the pnm issues fixed. So there might be merit in the other parts too. Regards, Hans ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ enlightenment-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
