[SECURITY] libwmf

Yaakov Selkowitz yselkowitz@cygwin.com
Fri Jun 26 16:51:00 GMT 2015


On Mon, 2015-06-08 at 15:42 -0500, Yaakov Selkowitz wrote:
> On Fri, 2015-06-05 at 03:17 -0500, Yaakov Selkowitz wrote:
> > Dr. Volker,
> > 
> > A security vulnerability has been made public for libwmf:
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=1227243
> 
> Actually, it's worse than that.  Despite configuring with --with-sys-gd,
> libwmf is still being built with the bundled libgd (which has either an
> older or custom API) instead of the system one.  Therefore, practically
> the entire patchset is required to fix all known vulnerabilities:
> 
> http://pkgs.fedoraproject.org/cgit/libwmf.git/

Are you still with us?  

There has been further additions to that patchset for two more CVEs.

--
Yaakov




More information about the Cygwin-apps mailing list