Hans de Goede wrote:
> Mike Frysinger wrote:
>> On Saturday 14 June 2008, Hans de Goede wrote:
>>> Mike Frysinger wrote:
>>>> On Thursday 12 June 2008, Hans de Goede wrote:
>>>>> Some time ago there was a bunch of security advisories for various
>>>>> imlib2 image loaders. Some of the fixes which were circulating then
>>>>> never seem to have been applied to imlib2, the attached patch includes
>>>>> these fixes.
>>>> i'm pretty sure these were posted & rejected and things were fixed
>>>> another way
>>> It would be prudent to check again, I've been carrying this patch for
>>> some time (should have submitted it earlier, sorry) and one of the 2
>>> security issues that were fixed in 1.4.1, was already fixed in the
>>> Fedora packages through this patch (I removed this part of the patch
>>> before submitting it).
>> you'd have to document/elaborate on what each change fixes exactly
>
> I didn't write those patches, as you said you've already seen them, they are
> the result from a previous audit of imlib's loaders. You claim all issues from
> this patch set have been fixed, I contend that as one of the 2 security issues
> fixed in the latest imlib2 release was already fixed in this patch set, see:
> http://cvs.fedoraproject.org/viewcvs/rpms/imlib2/F-9/imlib2-1.3.0-loader_overflows.patch?rev=1.2
>
> Which is this patch against 1.4.0 and notice how it already has the pnm issues
> fixed. So there might be merit in the other parts too.
>

I think this is now taken care of.

/Kim
