* [Buildroot] [Bug 2161] New: [SECURITY] Update libpng to 1.2.44
@ 2010-07-05 14:11 bugzilla at busybox.net
2010-07-12 10:13 ` [Buildroot] [Bug 2161] " bugzilla at busybox.net
0 siblings, 1 reply; 2+ messages in thread
From: bugzilla at busybox.net @ 2010-07-05 14:11 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=2161
Summary: [SECURITY] Update libpng to 1.2.44
Product: buildroot
Version: unspecified
Platform: PC
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010
-1205
OS/Version: Linux
Status: NEW
Severity: major
Priority: P5
Component: Outdated package
AssignedTo: unassigned at buildroot.uclibc.org
ReportedBy: gustavo at zacarias.com.ar
CC: buildroot at uclibc.org
Estimated Hours: 0.0
Created attachment 2167
--> https://bugs.busybox.net/attachment.cgi?id=2167
[SECURITY] Update libpng to 1.2.44
Several versions of libpng through 1.4.2 (and through 1.2.43 in the older
series) contain a bug whereby progressive applications such as web browsers (or
the rpng2 demo app included in libpng) could receive an extra row of image data
beyond the height reported in the header, potentially leading to an
out-of-bounds write to memory (depending on how the application is written) and
the possibility of execution of an attacker's code with the privileges of the
libpng user (including remote compromise in the case of a libpng-based browser
visiting a hostile web site). This vulnerability has been assigned ID
CVE-2010-1205 (via Mozilla).
An additional memory-leak bug, involving images with malformed sCAL chunks, is
also present; it could lead to an application crash (denial of service) when
viewing such images.
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Buildroot] [Bug 2161] [SECURITY] Update libpng to 1.2.44
2010-07-05 14:11 [Buildroot] [Bug 2161] New: [SECURITY] Update libpng to 1.2.44 bugzilla at busybox.net
@ 2010-07-12 10:13 ` bugzilla at busybox.net
0 siblings, 0 replies; 2+ messages in thread
From: bugzilla at busybox.net @ 2010-07-12 10:13 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=2161
Peter Korsgaard <jacmet@uclibc.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #1 from Peter Korsgaard <jacmet@uclibc.org> ---
Committed, thanks
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-07-12 10:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-07-05 14:11 [Buildroot] [Bug 2161] New: [SECURITY] Update libpng to 1.2.44 bugzilla at busybox.net
2010-07-12 10:13 ` [Buildroot] [Bug 2161] " bugzilla at busybox.net
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox