[Mageia-dev] freeze push: rpm

Thierry Vignaud thierry.vignaud at gmail.com
Thu Apr 5 02:25:39 CEST 2012


Hi

Please let in rpm-4.9.1.3.
It's a pure security fixes release.
It passes rpm, perl-URPM & urpmi test suites (same % of success for urpmi).

See http://rpm.org/wiki/Releases/4.9.1.3:
"Summary of changes from RPM 4.9.1.2

This is a security-only update for CVE:2012-0060, CVE:2012-0061 and
CVE:2012-0815.
Security

    Properly sanity check region tags on header/package read (CVE:2012-0060)
    Sanity check header regions fit within the header (CVE:2012-0061)
    Sanity check negated region offsets too in headerVerifyInfo()
(CVE:2012-0815)"


More information about the Mageia-dev mailing list