Re: libpng security vulnerability: lots of apps that display pngs don't use libpng

To: debian-user@lists.debian.org
Subject: Re: libpng security vulnerability: lots of apps that display pngs don't use libpng
From: Florian Ernst <florian@uni-hd.de>
Date: Fri, 6 Aug 2004 18:49:29 +0200
Message-id: <[🔎] 20040806164929.GV16480@live>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20040806153141.GA10569@comcast.net>
References: <[🔎] 20040806153141.GA10569@comcast.net>

Hello!

On Fri, Aug 06, 2004 at 08:31:41AM -0700, William Ballard wrote:
> Saw the buffer overrun exploit in libpng in the news today.
> 
> I guess .so files in Linux are like .dll files in Windows, every app 
> which displays pngs will be "fixed" by the recently updated libpng* 
> packages which fix the bug?

Almost. Every app that uses the libpng libraries by dynamically
linking to them will be fixed when the library is updated, but
programs which incorporated some of the code into their own codebase
will have to be fixed separately, as for example Mozilla, see
<http://bugs.debian.org/263612>.

Cheers,
Flo

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- libpng security vulnerability: lots of apps that display pngs don't use libpng
  - From: William Ballard <40711.nospam@comcast.net>

Prev by Date: Re: XFree vs. xorg
Next by Date: Re: you may be even more embarassed if you can't deliver
Previous by thread: libpng security vulnerability: lots of apps that display pngs don't use libpng
Next by thread: Postfix with SASL and TLS support in Sarge (and Sid)
Index(es):
- Date
- Thread