Package: libpng
Severity: important
Tags: security, patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for libpng.

CVE-2008-3964[0]:
| Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4
| before 1.4.0beta34, allow context-dependent attackers to cause a
| denial of service (crash) or have unspecified other impact via a PNG
| image with crafted zTXt chunks, related to (1) the png_push_read_zTXt
| function in pngread.c, and possibly related to (2) pngtest.c.

As discussed via private email before, the patch is:

-#define PNG_tIME_STRING_LENGTH 30 +#define PNG_tIME_STRING_LENGTH 29

Please ask for a freeze exception for lenny.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3964
    http://security-tracker.debian.net/tracker/CVE-2008-3964
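
Review bot: The one-line change to PNG_tIME_STRING_LENGTH (30 to 29) is posted without a file header or context lines, so it does not show which buffer the constant sizes or how it relates to the zTXt handling in png_push_read_zTXt and pngtest.c that the CVE text names. Please attach the full diff and, for each use of the macro, state whether the length counts the terminating NUL, so a reviewer can confirm that shrinking the value closes the off-by-one rather than moving it.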