Alex Vong <alexvong1995@gmail.com> writes:

>>> Besides, the security bug in which 'lcms-fix-out-of-bounds-read.patch'
>>> fixed has been assigned CVE-2016-10165 according to [0], should we
>>> change the name of the patch?
>>>
>>> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
>>
>> Good catch. Would you like to do it?
>>
>> Could you submit this patch against the 'core-updates' branch? LCMS
>> causes ~1800 rebuilds which is too much for 'master'. The CVE patch has
>> also been 'un-grafted' in core-updates, so the context will be slightly
>> different. TIA!
>
> Sure, the patches are here:

Applied, thank you!