CVEs have been assigned for security issues fixed in imlib2 1.4.7: http://openwall.com/lists/oss-security/2016/01/22/6 Updated package uploaded for Mageia 5. Advisory: ======================== Updated imlib2 packages fix security vulnerabilities: Various issues in imlib before 1.4.7 in the GIF loader (CVE-2014-9762, CVE-2014-9764) and PNM loader (CVE-2014-9763) could cause crashes. The imlib2 package has been updated to version 1.4.7, fixing these issues and several other bugs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9764 https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog http://openwall.com/lists/oss-security/2016/01/22/6 ======================== Updated packages in core/updates_testing: ======================== libimlib2_1-1.4.7-1.mga5 libimlib2-devel-1.4.7-1.mga5 libimlib2_1-filters-1.4.7-1.mga5 libimlib2_1-loaders-1.4.7-1.mga5 imlib2-data-1.4.7-1.mga5 from imlib2-1.4.7-1.mga5.src.rpm Reproducible: Steps to Reproduce:
Debian-LTS has issued an advisory for this on January 24: http://lwn.net/Alerts/673416/
URL: (none) => http://lwn.net/Vulnerabilities/673458/
MGA5-32 on Acer D620 Xfce No installation issues Found Eterm to be dependent on libimlib2_1, run at CLI $ strace -o ~/Documenten/eterm.txt Eterm played a bit with font and background settings and checked in eterm.txt that the library was used.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA5-32-OK
Keywords: (none) => validated_updateWhiteboard: MGA5-32-OK => MGA5-32-OK advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0049.html
Status: NEW => RESOLVEDResolution: (none) => FIXED