On 04/26/2016 01:27 AM, Simon Lees wrote:
>
>
> On 04/26/2016 04:43 AM, Santiago Torres wrote:
>> Hello everyone,
>>
>> I'm part of Arch's CVE monitoring team. We noticed that there are 4/5
>> CVEs fixed on the latest commits of imlib2, but they are not part of
>> the latest release.
>>
>> We were wondering if a new release is scheduled to come out soon, as we
>> would like to integrate these fixes in our version of imlib2
>>
>> Having an official release of imlib2 would make things easier for
>> packagers, so they don't have to backport the fixes from the VCS.
>>
>> Thanks in advance!
>> -Santiago.
>>
>
> Hi Santiago,
>
> I believe it's being organised once the issues stop rolling in, from a
> security perspective none of the issues are any more than minor. I'm
> waiting for the same for openSUSE, unfortunately for SUSE Linux
> Enterprise I've had to backport a bunch of stuff.
>
> Cheers
>

If we are done for now I'll roll a release in a couple of days.
I believe these are the CVEs fixed since 1.4.8:

CVE-2011-5326: Fix divide-by-zero on 2x1 ellipse
CVE-2016-3993: Fix off-by-one OOB read
CVE-2016-3994: Fix out-of-bounds read in the GIF loader
CVE-2016-4024: Fix integer overflow

Please correct me if I'm wrong.

/Kim