Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#52842 - [lcms2] Unresolved CVE-2016-10165
Attached to Project:
Arch Linux
Opened by Adam Lau (adamlau) - Saturday, 04 February 2017, 09:13 GMT
Last edited by Antonio Rojas (arojas) - Saturday, 04 February 2017, 18:37 GMT
Opened by Adam Lau (adamlau) - Saturday, 04 February 2017, 09:13 GMT
Last edited by Antonio Rojas (arojas) - Saturday, 04 February 2017, 18:37 GMT
|
DetailsDescription:
lcms2 should be patched for CVE-2016-10165. I have not noted any regressions with the commit patch at https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2. Severity does not appear to have been officially calculated, but flagged as High based on the ability of the vulnerability to exploit the application remotely. Additional info: lcms2 2.8. Other versions may also be affected. |
This task depends upon
Closed by Antonio Rojas (arojas)
Saturday, 04 February 2017, 18:37 GMT
Reason for closing: Fixed
Additional comments about closing: lcms2 2.8-2
Saturday, 04 February 2017, 18:37 GMT
Reason for closing: Fixed
Additional comments about closing: lcms2 2.8-2