[BLFS Trac] #2697: Imlib2-1.4.2 and BLFS-6.3.

BLFS Trac trac at linuxfromscratch.org
Tue Dec 23 23:12:40 PST 2008


#2697: Imlib2-1.4.2 and BLFS-6.3.
-------------------------------------+--------------------------------------
 Reporter:  ag@…                     |       Owner:  blfs-book@…                   
     Type:  task                     |      Status:  new                           
 Priority:  high                     |   Milestone:  6.4                           
Component:  BOOK                     |     Version:  SVN                           
 Severity:  major                    |    Keywords:                                
-------------------------------------+--------------------------------------
 BLFS-6.3 release shipped with a vulnerable version of Imlib2.

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2426
 https://bugzilla.redhat.com/show_bug.cgi?id=449073#c4
 http://bugs.gentoo.org/223965

 The solution was either to upgrade to 1.4.1 or to apply the patch listed
 in Fedora's bug report or at this direct link from Gentoo:

 http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/media-libs/imlib2/files/imlib2-1.4.0-CVE-2008-2426.patch

 This would be a perfect candidate for errata, but (unfortunately) another
 vulnerability was discovered recently by Julien Danjou (author of the awesome
 window manager), see:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187

 This was addressed by upstream.

 http://trac.enlightenment.org/e/ticket/136

 and the fix, here:

 http://trac.enlightenment.org/e/changeset/37744

 We can handle the update for the development BLFS, but what about the
 stable book?

-- 
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2697>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch


