[SECURITY] Fedora 19 Update: autotrace-0.31.1-34.fc19
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jul 9 01:41:20 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-11904
2013-06-29 15:06:54
--------------------------------------------------------------------------------
Name : autotrace
Product : Fedora 19
Version : 0.31.1
Release : 34.fc19
URL : http://autotrace.sourceforge.net/
Summary : Utility for converting bitmaps to vector graphics
Description :
AutoTrace is a program for converting bitmaps to vector graphics.
Supported input formats include BMP, TGA, PNM, PPM, and any format
supported by ImageMagick, whereas output can be produced in
Postscript, SVG, xfig, SWF, and others.
--------------------------------------------------------------------------------
Update Information:
This is an update that fixes possible buffer overflow when parsing BMP files.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 28 2013 Jaroslav Škarvada <jskarvad at redhat.com> - 0.31.1-34
- Fixed buffer overflow when parsing BMP files
Resolves: CVE-2013-1953
* Mon Mar 18 2013 Jon Ciesla <limburgher at gmail.com> - 0.31.1-33
- ImageMagick rebuild.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #951257 - CVE-2013-1953 autotrace: buffer overflow when parsing BMP files
https://bugzilla.redhat.com/show_bug.cgi?id=951257
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update autotrace' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list