FS#49162 - [libwmf] various security issues (CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696)
Attached to Project: Arch Linux
Opened by Remi Gacogne (rgacogne) - Sunday, 01 May 2016, 14:02 GMT
Last edited by Levente Polyak (anthraxx) - Thursday, 22 December 2016, 20:56 GMT
Details
Hi,
Our libwmf package has been vulnerable for a while to various security issues (CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696), some of them leading to arbitrary code execution, and it is now very unlikely to see a new upstream release. Other distributions have patched with similar patches, and I think we should do the same.
Here are the patches applied by the Fedora / Red Hat family, would you mind taking a look at them?
http://pkgs.fedoraproject.org/cgit/rpms/libwmf.git/plain/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch
http://pkgs.fedoraproject.org/cgit/rpms/libwmf.git/plain/libwmf-0.2.8.4-CVE-2015-4695.patch
http://pkgs.fedoraproject.org/cgit/rpms/libwmf.git/plain/libwmf-0.2.8.4-CVE-2015-4696.patch
Let me know if I can help!
Closed by Levente Polyak (anthraxx)
Thursday, 22 December 2016, 20:56 GMT
Reason for closing: Fixed
Additional comments about closing: 0.2.8.4-14
Comment by Dan Fuhry (fuhry) -
Wednesday, 21 December 2016, 02:38 GMT
Comment by Levente Polyak (anthraxx) -
Wednesday, 21 December 2016, 20:33 GMT
Integrated patches for all known CVEs.
Packaging it to staging for a rebuild (ABI change) and there we go