Re: [SECURITY] [DSA 536-1] New libpng, libpng3 packages fix multiple vulnerabilities
On jeu, 2004-08-05 at 15:00 +0200, Norbert Tretkowski wrote:
> * Josselin Mouette wrote:
> > On mer, 2004-08-04 at 19:10 -0700, Matt Zimmerman wrote:
> > > For the unstable distribution (sid), these problems will be fixed
> > > soon.
> > I've just uploaded fixed packages for unstable; however I've noticed
> > mozilla still crashes on the crafted PNG provided by Chris Evans. It
> > seems that /usr/lib/mozilla/components/libimglib2.so is not
> > dynamically linked with libpng, but still includes code from it.
> Maybe that's the reason why mozilla.org released new versions of
> mozilla, mozilla-thunderbird and mozilla-firefox.
Indeed, it seems mozilla 1.7.2 fixed that.
Josselin Mouette /\./\
« Sans puissance, la maîtrise n'est rien. »