User: Password:
Subscribe / Log in / New account

Fedora alert FEDORA-2013-12115 (gegl)

Subject:  [SECURITY] Fedora 19 Update: gegl-0.2.0-11.fc19
Date:  Fri, 12 Jul 2013 03:13:17 +0000
Message-ID:  <>
Archive-link:  Article, Thread

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-12115 2013-07-01 22:38:27 -------------------------------------------------------------------------------- Name : gegl Product : Fedora 19 Version : 0.2.0 Release : 11.fc19 URL : Summary : A graph based image processing framework Description : GEGL (Generic Graphics Library) is a graph based image processing framework. GEGLs original design was made to scratch GIMPs itches for a new compositing and processing core. This core is being designed to have minimal dependencies. and a simple well defined API. -------------------------------------------------------------------------------- Update Information: This update contains the following changes: * Fix buffer overflow in and add plausibility checks to the ppm-load operation. * Fix multi-lib issue where content of generated documentation could differ between architectures. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 1 2013 Nils Philippsen <> - 0.2.0-11 - replace lua-5.2 patch by upstream commit - fix buffer overflow in and add plausibility checks to ppm-load op (CVE-2012-4433) - fix multi-lib issue in generated documentation * Wed May 15 2013 Tom Callaway <> - 0.2.0-10 - rebuild for lua 5.2 - disable check suite (so broken) -------------------------------------------------------------------------------- References: [ 1 ] Bug #856300 - CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update gegl' at the command line. For more information, refer to "Managing Software with yum", available at All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds