Beware...
Of people issuing "security" patches. Last week a couple of Linux distributions were suckered into updating lcms with a patch coming from a certain Andrea Barisani. Because of an alleged security risk... Well, this patch completely and utterly broke lcms. And right at the time when we were tagging KOffice RC1, so people who run up-to-date distros started reporting crashes in Krita. We nearly got a heart attack thinking it was our code...
To quote Marti Maria, the lcms maintainer:
The short history is, a guy called Andrea Barisani, claiming to represent some obscure security company called oCERT, was providing a patch to fix a "vulnerability" they found.
At the end, the oCERT company was just Andrea Barisani, who set up oCERT in 2008 to get Google sponsoring.
The whole internet is now filled with hype about this "vulnerability", and in truth this "patch" breaks littlecms functionality, and probably opens some back door, so, please:
DON'T USE PATCHES FROM UNTRUSTED SOURCES.
I guess you were told something similar in school, right? :-)
The problem, if any, is restricted to a very specific architecture (x86, no DEP, crafted profile).
With this patch lcms does not work at all. Please upgrade to 1.18 and let's forget all this nasty stuff.
So, if you're packaging lcms for your distro, please upgrade to 1.18. And, please, if you patch lcms, make sure it's an official patch, from a trusted source. Like, Marti Maria...
Update: Kubuntu has a fix, and Marc Deslauriers has identified the possible culprit from the security patch. This patch was also in 1.18b1, but removed in 1.18b2.