Fedora 9 Update: argyllcms-1.0.3-3.fc9
Summary
The Argyll color management system supports accurate ICC profile creation for
scanners, CMYK printers, film recorders and calibration and profiling of
displays.
Spectral sample data is supported, allowing a selection of illuminants observer
types, and paper fluorescent whitener additive compensation. Profiles can also
incorporate source specific gamut mappings for perceptual and saturation
intents. Gamut mapping and profile linking uses the CIECAM02 appearance model,
a unique gamut mapping algorithm, and a wide selection of rendering intents. It
also includes code for the fastest portable 8 bit raster color conversion
engine available anywhere, as well as support for fast, fully accurate 16 bit
conversion. Device color gamuts can also be viewed and compared using a VRML
viewer.
Multiple integer overflows were found in the International Color Consortium
Format Library (icclib). An attacker could use this flaw to potentially execute
arbitrary code by requesting to translate a specially- crafted image file
created on one device into another's device native color space via a device
file.
* Mon Mar 23 2009 Jon Ciesla
- Patch for ICC library CVE-2009-{0583, 0584} by Tim Waugh.
* Mon Feb 23 2009 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Sep 3 2008 Nicolas Mailhot
- 1.0.3-1
⌨ Bugfix release
* Mon Sep 1 2008 Nicolas Mailhot
- 1.0.2-1
ᾢ Bugfix release
* Sun Jul 27 2008 Nicolas Mailhot
- 1.0.1-1
☻ Lots of workarounds dropped — Argyll continues progressing towards “normal
package” state
☺ No more jam hell ☡, autotooling patch by Alastair M. Robinson ♥♥♥
♿ New workaround added for private libusb check ⚔ We build againt system
libusb, and will fix ⚕ any problem people care to report
⁜ Re-applied some patches still not merged upstream, including the legal ⚖ one
⚙ It builds, what can go wrong⁉
⁂ Changed Huey policy file. Huey users, please test
[ 1 ] Bug #487742 - CVE-2009-0583 ghostscript: Multiple integer overflows in the International Color Consortium Format Library
https://bugzilla.redhat.com/show_bug.cgi?id=487742
[ 2 ] Bug #487744 - CVE-2009-0584 ghostscript: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library
https://bugzilla.redhat.com/show_bug.cgi?id=487744
su -c 'yum update argyllcms' at the command line.
For more information, refer to "Managing Software with yum",
available at .
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
FEDORA-2009-3031 2009-03-25 15:23:30 Product : Fedora 9 Version : 1.0.3 Release : 3.fc9 URL : http://www.argyllcms.com/ Summary : ICC compatible color management system Description : The Argyll color management system supports accurate ICC profile creation for scanners, CMYK printers, film recorders and calibration and profiling of displays. Spectral sample data is supported, allowing a selection of illuminants observer types, and paper fluorescent whitener additive compensation. Profiles can also incorporate source specific gamut mappings for perceptual and saturation intents. Gamut mapping and profile linking uses the CIECAM02 appearance model, a unique gamut mapping algorithm, and a wide selection of rendering intents. It also includes code for the fastest portable 8 bit raster color conversion engine available anywhere, as well as support for fast, fully accurate 16 bit conversion. Device color gamuts can also be viewed and compared using a VRML viewer. Multiple integer overflows were found in the International Color Consortium Format Library (icclib). An attacker could use this flaw to potentially execute arbitrary code by requesting to translate a specially- crafted image file created on one device into another's device native color space via a device file. * Mon Mar 23 2009 Jon Ciesla - 1.0.3-3 - Patch for ICC library CVE-2009-{0583, 0584} by Tim Waugh. * Mon Feb 23 2009 Fedora Release Engineering - 1.0.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Wed Sep 3 2008 Nicolas Mailhot - 1.0.3-1 ⌨ Bugfix release * Mon Sep 1 2008 Nicolas Mailhot - 1.0.2-1 ᾢ Bugfix release * Sun Jul 27 2008 Nicolas Mailhot - 1.0.1-1 ☻ Lots of workarounds dropped — Argyll continues progressing towards “normal package” state ☺ No more jam hell ☡, autotooling patch by Alastair M. Robinson ♥♥♥ ♿ New workaround added for private libusb check ⚔ We build againt system libusb, and will fix ⚕ any problem people care to report ⁜ Re-applied some patches still not merged upstream, including the legal ⚖ one ⚙ It builds, what can go wrong⁉ ⁂ Changed Huey policy file. Huey users, please test [ 1 ] Bug #487742 - CVE-2009-0583 ghostscript: Multiple integer overflows in the International Color Consortium Format Library https://bugzilla.redhat.com/show_bug.cgi?id=487742 [ 2 ] Bug #487744 - CVE-2009-0584 ghostscript: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library https://bugzilla.redhat.com/show_bug.cgi?id=487744 su -c 'yum update argyllcms' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce
Change Log
References