On Fri, Dec 15, 2006 at 07:01:20PM +0100, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote:
> Josselin Mouette wrote:
> > The only sane solution if you want to get quickly to a releasable state
> > is to go back to the last 1.2.8 package and to backport security fixes.
> > I've also explained more long-term solutions for the libpng madness on
> > my planet posting.
>
> I agree. Especially, as the security issues are so minor, that they're not
> even worth a DSA for Sarge:
>
> CVE-2006-5793 is a pure crasher w/o potential for code injection.
> A reproducible crash in a picture processing library is only a security
> problem by a very far stretch. No big deal, and easily backportable.
>
> CVE-2006-3334 isn't exploitable, as no application-external memory sections
> can be over-written.

I guess the latter is
http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=pngrutil.c&branch=MOZILLA_1_8_0_BRANCH&root=/cvsroot&subdir=mozilla/modules/libimg/png&command=DIFF_FRAMESET&rev1=3.7&rev2=3.7.28.1
which was enough for mozilla to tag it security and fix it in firefox 1.5.0.8.

What about
http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=pngrtran.c&branch=MOZILLA_1_8_0_BRANCH&root=/cvsroot&subdir=mozilla/modules/libimg/png&command=DIFF_FRAMESET&rev1=3.6&rev2=3.6.28.1
which doesn't seem to be CVE-2006-5793? (same as above, tagged security and fixed in firefox 1.5.0.8)

Mike