"A vulnerability in libwmf can be potentially exploited by malicious
people to compromise an application using the vulnerable library.
The vulnerability is caused due to an integer overflow error when
allocating memory based on a value taken directly from a WMF file
without performing any checks. This can be exploited to cause a
heap-based buffer overflow when a specially crafted WMF file is
processed.
Successful exploitation may allow execution of arbitrary code."
http://secunia.com/advisories/20921/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376
Patch from Red Hat. Bump PKGREVISION.
* 3 patches from Caolan at RedHat: remove unnecessary extra linked
libs; remove some warnings; rh154813 which (same redhat issuzilla
bug id) I theorize fixes some upsidedown wmfs.
Changes from 0.2.1 are here:
v. 0.2.2
* fix wmf2x arg detection bug (Bob Friesenhahn)
* added --with-layers option (fjf)
* de-necessitate GD, add libpng support (highly experimental);
rename config.h* to wmfconfig.h*; libxml2 fix (fjf)
* release builds: configure-time Darwin-detection & lt-patching;
make magick device layer optional; rewrite xml2 detection (wv);
make secondary IPA functions static (fjf)
* change copyright on include/libwmf/magick.h
* add paranoid check for xmlChar**attributes==NULL
* add one of many missing consts (Bob Friesenhahn)
* add check for vsnprintf in libdb (David C Sterratt)
* add 'foreign' device layer for non-wmf stuff
* x,gd: better placement of text
* x,gd: beginnings of a ROP implementation
* change gd-layer source file names to 'xgd' root
* use X-layer style text drawing in gd-layer
* yet more config updates (fun, fun, fun!)
* update other config stuff to handle autoconf-2.52
* update config.sub/guess to libtool-1.4.1
* make building/inclusion of GD library optional (fjf)
* acinclude fix (Tomasz K^3oczko)
* up the version number (fjf)
series is no longer in active development.
Please take a look at release note for more info of this version.
http://www.alinameridon.com/libwmf/Readme.html
converters/wv package will also be updated to latest version soon.
