[SECURITY] Fedora 13 Update: libgdiplus-2.6.7-2.fc13

updates at fedoraproject.org updates at fedoraproject.org
Thu Sep 9 01:21:21 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-13698
2010-08-30 17:43:54
--------------------------------------------------------------------------------

Name        : libgdiplus
Product     : Fedora 13
Version     : 2.6.7
Release     : 2.fc13
URL         : http://www.mono-project.com/Main_Page
Summary     : An Open Source implementation of the GDI+ API
Description :
An Open Source implementation of the GDI+ API, it is part of the Mono
Project

--------------------------------------------------------------------------------
Update Information:

* bugfix for three integer overflow errors (CVE-2010-1526)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 25 2010 Christian Krause <chkr at fedoraproject.org> - 2.6.7-2
- Add upstream patch for CVE-2010-1526
* Tue Jul 27 2010 Christian Krause <chkr at fedoraproject.org> - 2.6.7-1
- Update to 2.6.7 release 
- Add BR giflib-devel and libexif-devel
* Sun Jun 20 2010 Christian Krause <chkr at fedoraproject.org> - 2.6.4-1
- Cleanup spec file
- Remove removal of -Werror - not applicable anymore
* Tue Apr 27 2010 Paul F. Johnson <paul at all-the-johnsons.co.uk> 2.6.4-1
- Update to the 2.6.4 release
- URL and source locations fixed in spec file
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #626821 - CVE-2010-1526 libgdiplus: Integer overflows by loading 1, TIFF 2, JPEG and 3, BMP images
        https://bugzilla.redhat.com/show_bug.cgi?id=626821
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libgdiplus' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list