---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-106
2004-05-05
---------------------------------------------------------------------
Name : libpng10
Version : 1.0.13
Release : 11
Summary : Old version of libpng, needed to run old binaries.
Description :
The libpng10 package contains an old version of libpng, a library of
functions for creating and manipulating PNG (Portable Network Graphics)
image format files.
This package is needed if you want to run binaries that were linked
dynamically
with libpng 1.0.x.
---------------------------------------------------------------------
* Mon Apr 19 2004 Matthias Clasen <mclasen(a)redhat.com>
- fix a possible out-of-bounds read in the error message
handler. #121229
* Tue Mar 02 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
a10f985ad9a99cd4ebfbed30fd83c361 SRPMS/libpng10-1.0.13-11.src.rpm
48a389fb9aac66a0bad34fd379311642 i386/libpng10-1.0.13-11.i386.rpm
ecb1bc91aec1be82144f2cba036d42d2 i386/libpng10-devel-1.0.13-11.i386.rpm
be3edda751a580a3469f2caec5a76495
i386/debug/libpng10-debuginfo-1.0.13-11.i386.rpm
e903238f62400930b2ea7539dd3d1e3b x86_64/libpng10-1.0.13-11.x86_64.rpm
cbf293eb799ec3a0f407c06f53c58319
x86_64/libpng10-devel-1.0.13-11.x86_64.rpm
f0e2875e7ecedf39a9430dd80e2b19c1
x86_64/debug/libpng10-debuginfo-1.0.13-11.x86_64.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-105
2004-05-05
---------------------------------------------------------------------
Name : libpng
Version : 1.2.2
Release : 20
Summary : A library of functions for manipulating PNG image format
files.
Description :
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format. PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.
Libpng should be installed if you need to manipulate PNG format image
files.
---------------------------------------------------------------------
* Mon Apr 19 2004 Matthias Clasen <mclasen(a)redhat.com>
- fix a possible out-of-bounds read in the error message
handler. #121229
* Tue Mar 02 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Fri Feb 27 2004 Mark McLoughlin <markmc(a)redhat.com> 2:1.2.2-19
- rebuild with changed bits/setjmp.h on ppc
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
4ceffa6a0fe2b293ec48c2f1a4ca2fe6 SRPMS/libpng-1.2.2-20.src.rpm
876f87e9de276ed92b2e1425439233af i386/libpng-1.2.2-20.i386.rpm
afcfe9d01bfa437e24ee4ea2fc898168 i386/libpng-devel-1.2.2-20.i386.rpm
a966d3380fc2f761a49e2235b119eae2
i386/debug/libpng-debuginfo-1.2.2-20.i386.rpm
848573832baaaec56f60395c97a198ed x86_64/libpng-1.2.2-20.x86_64.rpm
9f182bc4e203c9e85fc2d216c45b638a
x86_64/libpng-devel-1.2.2-20.x86_64.rpm
e3f298fdf2f49bc6b239e209bd164cc2
x86_64/debug/libpng-debuginfo-1.2.2-20.x86_64.rpm
876f87e9de276ed92b2e1425439233af x86_64/libpng-1.2.2-20.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-112
2004-04-30
---------------------------------------------------------------------
Name : mc
Version : 4.6.0
Release : 14.10
Summary : User-friendly text console file manager and visual shell.
Description :
Midnight Commander is a visual shell much like a file manager, only
with many more features. It is a text mode application, but it also
includes mouse support if you are running GPM. Midnight Commander's
best features are its ability to FTP, view tar and zip files, and to
poke into RPMs for specific files.
---------------------------------------------------------------------
Update Information:
Several buffer overflows, several temporary file creation
vulnerabilities, and one format string vulnerability have been
discovered in Midnight Commander. These vulnerabilities were
discovered mostly by Andrew V. Samoilov and Pavel Roskin. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these
issues.
---------------------------------------------------------------------
* Fri Apr 16 2004 Jakub Jelinek <jakub(a)redhat.com> 4.6.0-14.10
- don't use mmap if st_size doesn't fit into size_t
- fix one missed match_normal -> match_regex
- rebuilt for FC1 updates
* Fri Apr 16 2004 Jakub Jelinek <jakub(a)redhat.com> 4.6.0-14
- avoid buffer overflows in mcedit Replace function
* Wed Apr 14 2004 Jakub Jelinek <jakub(a)redhat.com> 4.6.0-13
- perl scripting fix
* Wed Apr 14 2004 Jakub Jelinek <jakub(a)redhat.com> 4.6.0-12
- fix a bug in complete.c introduced by last patch
- export MC_TMPDIR env variable
- avoid integer overflows in free diskspace % counting
- put temporary files into $MC_TMPDIR tree if possible,
use mktemp/mkdtemp
* Mon Apr 05 2004 Jakub Jelinek <jakub(a)redhat.com> 4.6.0-11
- fix a bunch of buffer overflows and memory leaks (CAN-2004-0226)
- fix hardlink handling in cpio filesystem
- fix handling of filenames with single/double quotes and backslashes
in /usr/share/mc/extfs/rpm
- update php.syntax file (#112645)
- fix crash with large syntax file (#112644)
- update CAN-2003-1023 fix to still make vfs symlinks relative,
but with bounds checking
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
b032b48a63ae1f70296d541e470bd9df SRPMS/mc-4.6.0-14.10.src.rpm
a7ccdcc1744b3ebb1c14842d5a94a437 i386/mc-4.6.0-14.10.i386.rpm
b4a4085af11f8bb7da015080e9ae9301 i386/debug/mc-debuginfo-4.6.0-14.10.i386.rpm
4dbc04a7c8795eeb5098a6d8a87ed38b x86_64/mc-4.6.0-14.10.x86_64.rpm
6c3a6ec0e4a85269be2438791c7eb2e7 x86_64/debug/mc-debuginfo-4.6.0-14.10.x86_64.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------