Package: libpng
Tags: security patch
Severity: critical

https://bugzilla.redhat.com/show_bug.cgi?id=717084

Vincent Danen 2011-06-27 18:34:45 EDT

It was reported [1] that the fix for CVE-2004-0421 in libpng was inadvertently reverted during the 1.2.23 development cycle. The original flaw could be used to cause a denial of service via a carefully-crafted PNG image. This would affect all versions of libpng >=1.2.23, including 1.4.x and 1.5.x.

[1] http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement

Vincent Danen 2011-06-27 18:43:19 EDT

Upstream fix is here:
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af

Huzaifa S. Sidhpurwala 2011-06-28 23:44:56 EDT

This has been assigned CVE-2011-2501:
http://www.openwall.com/lists/oss-security/2011/06/28/16