Summary: | media-libs/libpng <1.2.32 png_push_read_zTXt() Off-By-One DoS (CVE-2008-3964) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | base-system |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://secunia.com/advisories/31781/ | | |
Whiteboard: | ~3 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 237321 | | |
Bug Blocks: | | | |
Description
Robert Buchholz (RETIRED)
2008-09-09 12:53:13 UTC
CVE-2008-3964 has been assigned.

As a side note, before >libpng-1.2.30 goes stable, cairo-1.6.4-r1 needs to go stable; otherwise any app that uses PNG images and cairo (which is anything that uses GTK+) will segfault due to an API change in libpng 1.2.30 and higher.

This was introduced in libpng-1.2.30beta04, so it does not affect stable. The only version we have in the tree affected by this is 1.2.31, and since that is superseded by 1.2.32, this bug can be closed. Please remove 1.2.31 and do not process it for stabling.