trying to figure out fixes for CVE-2005-2974 and CVE-2005-3350

Jake Edge jake at lwn.net
Mon May 25 19:43:08 UTC 2009


On Mon, 25 May 2009 20:21:12 +0100 (BST) Mark J Cox wrote:

> Hello Jake; Tomas Hoger has just posted the details of this issue in
> the bug, see
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-3350#c7

Thanks, Mark.

I don't know much about CVE assignment and the like (but perhaps I
should), but it would seem to me that the two CVEs from 2005 apply to
libungif rather than giflib and that new CVEs should be created or
applied for as it is a different package affected (though I assume they
share much of the same code) ... it would also seem plausible that
other distributions using giflib fell into the same hole ... or is this
purely a Fedora/RHEL issue because they stuck with giflib 4.1.3?

jake

-- 
Jake Edge - LWN - jake at lwn.net - http://lwn.net



