
List:       oss-security
Subject:    Re: [oss-security] CVE request: optipng security release
From:       Robert Buchholz <rbu () gentoo ! org>
Date:       2009-02-25 16:19:26
Message-ID: 200902251719.29845.rbu () gentoo ! org


On Tuesday 24 February 2009, Marcus Meissner wrote:
> Hi,
>
> According to http://optipng.sourceforge.net/
>
> optipng released OptiPNG 0.6.2 fixing
> "All current OptiPNG versions are known to be vulnerable to memory
> reallocation attacks, due to a bug in the GIF image reader.

Note that this is not fixed in 0.6.2, but there is a patch to apply on
top of 0.6.2.
0.6.2 was the release fixing CVE-2008-5101 (bmp issue).


Robert
