
Re: please unblock libpng 1.2.15~beta5-0



On Fri, Dec 15, 2006 at 07:01:20PM +0100, Moritz Muehlenhoff <jmm@inutil.org> wrote:
> Josselin Mouette wrote:
> > The only sane solution if you want to get quickly to a releasable state
> > is to go back to the last 1.2.8 package and to backport security fixes.
> > I've also explained more long-term solutions for the libpng madness on
> > my planet posting.
> 
> I agree. Especially, as the security issues are so minor, that they're not
> even worth a DSA for Sarge:
> 
> CVE-2006-5793 is a pure crasher w/o potential for code injection. 
> A reproducible crash in a picture processing library is only a security
> problem by a very far stretch. No big deal, and easily backportable.
> 
> CVE-2006-3334 isn't exploitable, as no application-external memory sections
> can be over-written.

I guess the latter is
http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=pngrutil.c&branch=MOZILLA_1_8_0_BRANCH&root=/cvsroot&subdir=mozilla/modules/libimg/png&command=DIFF_FRAMESET&rev1=3.7&rev2=3.7.28.1

which was enough for mozilla to tag it security and fix it in firefox
1.5.0.8.

What about
http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=pngrtran.c&branch=MOZILLA_1_8_0_BRANCH&root=/cvsroot&subdir=mozilla/modules/libimg/png&command=DIFF_FRAMESET&rev1=3.6&rev2=3.6.28.1

which doesn't seem to be CVE-2006-5793? (same as above, tagged security
and fixed in firefox 1.5.0.8)

Mike


