[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 536-1] New libpng, libpng3 packages fix multiple vulnerabilities



On Thu, Aug 05, 2004 at 15:00:57 +0200, Norbert Tretkowski wrote:
> > I've just uploaded fixed packages for unstable; however I've noticed
> > mozilla still crashes on the crafted PNG provided by Chris Evans. It
> > seems that /usr/lib/mozilla/components/libimglib2.so is not dynamically
> > linked with libpng, but still includes code from it.

That's upstream's http://bugzilla.mozilla.org/show_bug.cgi?id=251381 .

> Maybe that's the reason why mozilla.org released new versions of mozilla,
> mozilla-thunderbird and mozilla-firefox.

It is one of the reasons. The new versions fix other security issues as
well; see
	http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2.

Ray
-- 
For those Unix & Linux fanatics who're feeling left out, please forward this
message to everyone you know and delete a bunch of your files at random.
	Julian Richardson's response to ILOVEYOU



Reply to: