security update in Fedora 28 for libgxps

Status: stable a year ago

Add patch for CVE-2018-10733

Comments 14

This update has been submitted for testing by tomh.

This update has been pushed to testing.

Works great! LGTM! =)

karma: +1

works for me

karma: +1

Dear tomh,

thanks for the update. Can You confirm, that both CVE-2018-10733 (as mentioned in bug and changelog) and CVE-2018-10767 (as mentioned here) are fixed with this update?



karma: +1

This update has been submitted for batched by bodhi.

If it fixed both I would list them both. As far as I know there is no patch for the second one yet, or at least there wasn't when I built this. Well strictly speaking I had just finished building it when the second one came in but as there was no patch for it I pushed this out without waiting.

Sure, thanks for the clarification. The hint 'Add patch for CVE-2018-10767' in the update-details of FEDORA-2018-078b082cbe and FEDORA-2018-46f3f13c68 confused me.

Ah sorry didn't realise I had mixed up the numbers - will fix that.

tomh edited this update.

no harm done .) cheers!

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Autopush (time)
submitted a year ago
in testing a year ago
in stable a year ago
modified a year ago

Related Bugs 1

00 #1576112 CVE-2018-10733 libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c [fedora-all]

Automated Test Results