Date:      Thu, 5 Aug 2004 19:41:40 +0400
From:      Andrey Chernov <ache@nagual.pp.ru>
To:        Chuck Swiger <cswiger@mac.com>, FreeBSD Ports <ports@FreeBSD.ORG>
Subject:   Re: update vulnerable libpng to fixed version?
Message-ID:  <20040805154139.GA45715@nagual.pp.ru>
In-Reply-To: <20040805152915.GA45293@nagual.pp.ru>
References:  <20040804190855.GA69872@iib.unsam.edu.ar> <2E7293C8-E656-11D8-91D1-003065ABFD92@mac.com> <20040805015904.GA27667@nagual.pp.ru> <41124F36.6080506@mac.com> <20040805152915.GA45293@nagual.pp.ru>

On Thu, Aug 05, 2004 at 07:29:15PM +0400, Andrey Chernov wrote:
> Since CERT entry VU#388984 does not point to any patch, I can only guess that
> this bug is fixed by the official 0-11 patches I committed several hours ago.

I mean, any _specific_ patch, of course.
They point to 
http://scary.beasts.org/security/CESA-2004-001.txt
with some patch, but there is:

"NOTE! This patch serves as demo purposes for the flaws only. An official
v1.2.6 libpng with an official, slightly different fix will be released by
the libpng team in parallel with this advisory."

What is in 1.2.6 in that place is equal to the official 1.2.5 patches. The
patch from CESA is not used.

-- 
Andrey Chernov | http://ache.pp.ru/


