I see that Ubuntu Linux just released patched lcms 1.18 binaries for
CVE-2009-0073
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0073) whcih
supposedly is about lcms.
This is what the Ubuntu's update tool says about the patch:
* debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198)
- Fix DoS via a crafted image that triggers execution of incorrect
code for "transformations of monochrome profiles."
- CVE-2009-0073
Can anyone share the details of this so that we can make sure that the
lcms we bundle in our applications is secure?
Thanks,
Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand
malware threats, the impact they can have on your business, and how you
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Lcms-user mailing list
Lcms-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lcms-user
