Re: Security update of libpng[23]
I thought I had subscribed to dsa. I got an Advisory just after I sent
my mail out, perhaps I had been just to impatient.
I was a little bit nervous because of that openssh problem I think ;-)
Thanks!
Regards,
Martin
On Thu, Aug 01, 2002 at 05:03:30PM +0200, Dirk Hartmann wrote:
> Hi,
>
> --On Thursday, August 01, 2002 16:50:16 +0200 Martin Hermanowski
> <martin@martin.mh57.net> wrote:
>
> >an apt-get update && apt-get upgrade -dy today brought me new
> >libpng[23]-Packages from security.debian.org for woody/stable,
> >but I can't find an advisory for them. What changes were made?
>
> maybe you should subscribe to debian-security-announce too.
>
> Here the Head of the Advisory:
>
> -
> -----------------------------------------------------------------------
> ---
> Debian Security Advisory DSA 140-1
> security@debian.org
> http://www.debian.org/security/ Martin
> Schulze
> August 1st, 2002
> -
> -----------------------------------------------------------------------
> ---
>
> Package : libpng2, libpng3
> Vulnerability : buffer overflow
> Problem-Type : remote
> Debian-specific: no
>
> Developers of the PNG library have fixed a buffer overflow in the
> progressive reader when the PNG datastream contains more IDAT data
> than indicated by the IHDR chunk. Such deliberately malformed
> datastreams would crash applications which could potentially allow an
> attacker to execute malicious code. Programs such as Galeon,
> Konquerer and various others make use of these libraries.
>
> ....
> -------------------------------------------------
>
> Dirk
>
> --
> Dirk Hartmann, Netzworkadministration #PGP-Key available
> Verlag Heinz Heise GmbH & Co KG, Helstorferstr. 7, D-30625 Hannover
> E-Mail: dha@heise.de - Tel.: +49 511 5352 494 - FAX: +49 511 5352 479
> ---------------------------------------------------------------------
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
Reply to: