[Bug 7464] ghostscript, argyllcms, icclib new security issue CVE-2012-4405
Dave Hodgins
2012-10-16 02:14:54 UTC
https://bugs.mageia.org/show_bug.cgi?id=7464

Dave Hodgins <davidwhodgins-***@public.gmane.org> changed:

             What |Removed                |Added
----------------------------------------------------------------------------
Status Whiteboard |MGA1TOO has_procedure  |MGA1TOO has_procedure
                  |mga2-64-OK             |mga2-64-OK MGA2-32-OK
                  |                       |MGA1-64-OK MGA1-32-OK
         Keywords |                       |validated_update
               CC |                       |davidwhodgins-***@public.gmane.org,
                  |                       |sysadmin-bugs-***@public.gmane.org

--- Comment #10 from Dave Hodgins <davidwhodgins-***@public.gmane.org> 2012-10-16 04:14:54 CEST ---
Testing complete Mageia 2 i586, Mageia 1 i586, and x86-64.

Could someone from the sysadmin team push the srpms
ghostscript-9.05-2.1.mga2.src.rpm
argyllcms-1.4.0-1.1.mga2.src.rpm
icclib-2.13-1.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpm
ghostscript-9.04-1.1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated ghostscript packages fix security vulnerability:

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in Ghostscript's International Color Consortium Format library
(icclib). An attacker could create a specially-crafted PostScript or
PDF file with embedded images that would cause Ghostscript to crash
or, potentially, execute arbitrary code with the privileges of the
user running Ghostscript (CVE-2012-4405).

The argyllcms and icclib packages in Mageia 2 are also affected by this
flaw and have been updated as well.

There are known file conflicts between argyllcms and icclib which will be fixed
in a separate update. See bug 5897 for further details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:151-1
https://bugs.mageia.org/show_bug.cgi?id=5897
