Thanks Cyrille, I was aware of that. The short history is, a guy called Adrea Barisani, claiming to represent some obscure security company called oCERT, was providing a patch to fix a "vulnerability" they found.
At the end, the oCERT company was just Andrea Barsiani who setup ocert in 2008 to get google sponsoring. The whole internet is now filled with hype about this "vulnerability", and in truth this "patch" breaks littlecms functionality, and probably opens some back door, so, please: DON'T USE PATCHES FROM UNTRUSTED SOURCES. I guess you were told something similar in school right? :-) The problem, if any, is restricted to a very specific architecture (x86, no DEP, crafted profile). With this patch lcms does not work at all. Please upgrade to 1.18 and let's forgot all this nasty stuff. Regards Marti Maria On 03/04/2009 11:03:51, Cyrille Berger (cber...@cberger.net) wrote: > Hi, > > > There have been recently a security alert on lcms 1.17, followed by a > patch (that is now applied by some of the major distributions, as far as I > know, FedoraCore, OpenSuSE and Ubuntu). > We have discovered that it triggered some errors when reading some > profiles in Krita (as far as I can see, it's profiles generated by lcms that might have the problem, or some of them), by upgrading to 1.18 (or downgrading to an unpatched version of 1.17), the problem did disappear. > > > So a little advice, if you or one of your user has started, recently, to experience some strange error with your application, related to color management/lcms, you might want to check what version of lcms he or you are using. > > > -- > Cyrille Berger ------------------------------------------------------------------------------ _______________________________________________ Lcms-user mailing list Lcms-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lcms-user
