On Fri, Dec 15, 2006 at 10:23:11PM +0100, Mike Hommey wrote:
> On Fri, Dec 15, 2006 at 07:01:20PM +0100, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote:
> > Josselin Mouette wrote:
> > > The only sane solution if you want to get quickly to a releasable state
> > > is to go back to the last 1.2.8 package and to backport security fixes.
> > > I've also explained more long-term solutions for the libpng madness on
> > > my planet posting.
> >
> > I agree. Especially as the security issues are so minor that they're not
> > even worth a DSA for Sarge:
> >
> > CVE-2006-5793 is a pure crasher w/o potential for code injection.
> > A reproducible crash in a picture processing library is only a security
> > problem by a very far stretch. No big deal, and easily backportable.
> >
> > CVE-2006-3334 isn't exploitable, as no application-external memory sections
> > can be over-written.
>
> I guess the latter is
> http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=pngrutil.c&branch=MOZILLA_1_8_0_BRANCH&root=/cvsroot&subdir=mozilla/modules/libimg/png&command=DIFF_FRAMESET&rev1=3.7&rev2=3.7.28.1
>
> which was enough for mozilla to tag it security and fix it in firefox
> 1.5.0.8.

I don't know very much about Windows; this might be exploitable for code injection on Windows.

> What about
> http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=pngrtran.c&branch=MOZILLA_1_8_0_BRANCH&root=/cvsroot&subdir=mozilla/modules/libimg/png&command=DIFF_FRAMESET&rev1=3.6&rev2=3.6.28.1
>
> which doesn't seem to be CVE-2006-5793 ? (same as above, tagged security
> and fixed in firefox 1.5.0.8)

Interesting, it appears as if no one picked it up for libpng so far.
(Probably related to all other vendors only shipping backported new Mozilla versions.)

Cheers,
Moritz