Date: Thu, 5 Aug 2004 19:29:15 +0400
From: Andrey Chernov <ache@nagual.pp.ru>
To: Chuck Swiger <cswiger@mac.com>
Cc: FreeBSD Ports <ports@FreeBSD.ORG>
Subject: Re: update vulnerable libpng to fixed version?
Message-ID: <20040805152915.GA45293@nagual.pp.ru>
In-Reply-To: <41124F36.6080506@mac.com>
References: <20040804190855.GA69872@iib.unsam.edu.ar> <2E7293C8-E656-11D8-91D1-003065ABFD92@mac.com> <20040805015904.GA27667@nagual.pp.ru> <41124F36.6080506@mac.com>

On Thu, Aug 05, 2004 at 11:16:06AM -0400, Chuck Swiger wrote:
> However, having 1.2.6rc1 listed as the recommended upgrade path in a CERT
> advisory probably makes 1.2.6rc1 more public than it would have been,
> otherwise. Speaking of which, the CERT advisory reads:
>
> In the case of VU#388984, an attacker with the ability to introduce a
> malformed PNG image to a vulnerable application could cause the
> application to crash or could potentially execute arbitrary code with
> the privileges of the user running the affected application.

Since CERT entry VU#388984 does not point to any patch, I can only guess
that this bug is fixed by the official 0-11 patches I committed several hours ago.

--
Andrey Chernov | http://ache.pp.ru/