OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web                      Date:   15-Jan-2003 16:40:09
  Branch: HEAD                             Handle: 2003011515400800

  Modified files:
    openpkg-web/security    OpenPKG-SA-2003.001-png.txt

  Log:
    finalize PNG SA

  Summary:
    Revision    Changes     Path
    1.4         +20 -10     openpkg-web/security/OpenPKG-SA-2003.001-png.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-web/security/OpenPKG-SA-2003.001-png.txt
  ============================================================================
  $ cvs diff -u -r1.3 -r1.4 OpenPKG-SA-2003.001-png.txt
  --- openpkg-web/security/OpenPKG-SA-2003.001-png.txt  15 Jan 2003 15:31:19 -0000     
 1.3
  +++ openpkg-web/security/OpenPKG-SA-2003.001-png.txt  15 Jan 2003 15:40:08 -0000     
 1.4
  @@ -1,3 +1,6 @@
  +-----BEGIN PGP SIGNED MESSAGE-----
  +Hash: SHA1
  +
   ________________________________________________________________________
   
   OpenPKG Security Advisory                            The OpenPKG Project
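Review bot: Placing the clearsign header ("-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA1") at the top of the CVS-tracked advisory means any later commit that touches the body will silently invalidate the signature added at the end of the file. That includes a pure reflow like the one in the next hunk. Either regenerate the signature as part of every revision after this one, or keep the unsigned text under version control and produce the signed copy as a release artifact. A short note in the commit log saying the signature was made over the final 1.4 text would also help whoever edits this file next.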
  @@ -28,24 +31,24 @@
     Randers-Pehrson [0], a buffer overflow vulnerability exists in the
     Portable Network Graphics (PNG) library libpng [1] in connection with
     16-bit samples. The starting offsets for the loops are calculated
  -  incorrectly which may cause a buffer overrun beyond the beginning of the
  -  row buffer. The Common Vulnerabilities and Exposures (CVE) project
  +  incorrectly which may cause a buffer overrun beyond the beginning of
  +  the row buffer. The Common Vulnerabilities and Exposures (CVE) project
     assigned the id CAN-2002-1363 [2] to the problem.
   
     Please check whether you are affected by running "<prefix>/bin/rpm
  -  -qa png". If you have the "png" package installed and its version
  -  is affected (see above), we recommend that you immediately upgrade
  -  it (see Solution) and it's dependent packages (see above), if any,
  -  too. [3][4]
  +  -qa png". If you have the "png" package installed and its version is
  +  affected (see above), we recommend that you immediately upgrade it
  +  (see Solution) and it's dependent packages (see above), if any, too.
  +  [3][4]
   
   Solution:
     Select the updated source RPM appropriate for your OpenPKG release
     [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror
     location, verify its integrity [9], build a corresponding binary RPM
  -  from it [3] and update your OpenPKG installation by applying the binary
  -  RPM [4]. For the current release OpenPKG 1.1, perform the following
  -  operations to permanently fix the security problem (for other releases
  -  adjust accordingly).
  +  from it [3] and update your OpenPKG installation by applying the
  +  binary RPM [4]. For the current release OpenPKG 1.1, perform the
  +  following operations to permanently fix the security problem (for
  +  other releases adjust accordingly).
   
     $ ftp ftp.openpkg.org
     ftp> bin
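Review bot: The rewrapped line "(see Solution) and it's dependent packages (see above), if any, too." still carries the possessive typo; since these lines are being rewritten anyway, change "it's" to "its" before the text is signed. In the same paragraph, the check command remains split across two lines inside its quotes ("<prefix>/bin/rpm" on one line, "-qa png" on the next), which makes it awkward to copy; consider keeping the whole command on one line, or setting it off on its own indented line like the ftp session below.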
  @@ -83,3 +86,10 @@
   the command "gpg --verify --keyserver keyserver.pgp.com".
   ________________________________________________________________________
   
  +-----BEGIN PGP SIGNATURE-----
  +Comment: OpenPKG <[EMAIL PROTECTED]>
  +
  +iD8DBQE+JYCpgHWT4GPEy58RAk3eAJ9dG8BbE6BNmvWA2GOZuRNWL5lLZQCghoWd
  +P4HMyx1pxytvcak6xgBPRPM=
  +=Ulpx
  +-----END PGP SIGNATURE-----
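Review bot: The signature block gives readers no way to tell which key should have produced it: the "Comment:" armor header is not covered by the signature and only names an address, and the context line above tells readers to run "gpg --verify --keyserver keyserver.pgp.com", which trusts whatever key the keyserver returns. If the advisory text outside this hunk does not already state it, add the signing key's ID and full fingerprint to the verification paragraph so that a reader can compare it against the key gpg reports.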
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
