Package: libpng
Version: 1.2.15~beta5-1+etch2
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libpng.

CVE-2009-2042[0]:
| libpng before 1.2.37 does not properly parse 1-bit interlaced images
| with width values that are not divisible by 8, which causes libpng to
| include uninitialized bits in certain rows of a PNG file and might
| allow remote attackers to read portions of sensitive memory via
| "out-of-bounds pixels" in the file.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

This is already fixed in the version of unstable.  Please coordinate
with the security team to prepare updates for the stable releases.
Thank you.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
    http://security-tracker.debian.net/tracker/CVE-2009-2042



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to