Fedora: 2009-2970 Moderate: lcms Memory Leak and Overflow Fixes

LittleCMS intends to be a small-footprint, speed optimized color management

engine in open source form.

Some patches that was collected in the fedora package have just been submitted

upstream. Changes are hight that this update can be superseeded by a beta3 or a

stable release from upstream.

* Fri Mar 20 2009 kwizart < kwizart at gmail.com > - 1.18-0.1.beta2

- Update to 1.18beta2

fix bug #487508: CVE-2009-0723 LittleCms integer overflow

fix bug #487512: CVE-2009-0733 LittleCms lack of upper-bounds check on sizes

fix bug #487509: CVE-2009-0581 LittleCms memory leak

* Mon Mar 2 2009 kwizart < kwizart at gmail.com > - 1.17-10

- Fix circle dependency #452352

* Wed Feb 25 2009 Fedora Release Engineering - 1.17-9

- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Thu Dec 4 2008 kwizart < kwizart at gmail.com > - 1.17-8

- Fix autoreconf and missing auxiliary files.

* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 1.17-7

- Rebuild for Python 2.6

[ 1 ] Bug #487508 - CVE-2009-0723 LittleCms integer overflow

https://bugzilla.redhat.com/show_bug.cgi?id=487508

[ 2 ] Bug #487512 - CVE-2009-0733 LittleCms lack of upper-bounds check on sizes

https://bugzilla.redhat.com/show_bug.cgi?id=487512

[ 3 ] Bug #487509 - CVE-2009-0581 LittleCms memory leak

https://bugzilla.redhat.com/show_bug.cgi?id=487509

su -c 'yum update lcms' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/