Re: trying to figure out fixes for CVE-2005-2974 and CVE-2005-3350

On Mon, 25 May 2009 20:21:12 +0100 (BST) Mark J Cox wrote: Thanks, Mark. I don't know much about CVE assignment and the like (but perhaps I should), but it would seem to me that the two CVEs from 2005 apply to libungif rather than giflib and that new CVEs should be created or applied for as it is a different package affected (though I assume they share much of the same code) ... it would also seem plausible that other distributions using giflib fell into the same hole ... or is this purely a Fedora/RHEL issue because they stuck with giflib 4.1.3? jake -- Jake Edge - LWN - jake(a)lwn.net - http://lwn.net