[SECURITY] Fedora 10 Update: giflib-4.1.6-2.fc10
updates at fedoraproject.org
updates at fedoraproject.org
Thu Jun 18 11:39:31 UTC 2009
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-4848
2009-05-12 02:51:14
--------------------------------------------------------------------------------
Name : giflib
Product : Fedora 10
Version : 4.1.6
Release : 2.fc10
URL : http://www.sourceforge.net/projects/giflib/
Summary : Library for manipulating GIF format image files
Description :
The giflib package contains a shared library of functions for loading and
saving GIF format image files. It is API and ABI compatible with libungif,
the library which supported uncompressed GIFs while the Unisys LZW patent
was in effect.
--------------------------------------------------------------------------------
Update Information:
- Update to 4.1.6 containing several upstream fixes etc. - Solved multilib
problems with documentation (#465208, #474538) - Removed static library from
giflib-devel package (#225796 #c1)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #494826 - CVE-2005-2974 giflib/libunfig: NULL pointer dereference crash
https://bugzilla.redhat.com/show_bug.cgi?id=494826
[ 2 ] Bug #494823 - CVE-2005-3350 giflib/libunfig: memory corruption via a crafted GIF
https://bugzilla.redhat.com/show_bug.cgi?id=494823
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update giflib' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list