https://bugzilla.redhat.com/show_bug.cgi?id=504782

Tomas Hoger <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
    External Bug ID|                            |Gentoo 272970

--- Comment #1 from Tomas Hoger <[email protected]> 2009-06-09 08:43:02 EDT ---

Upstream page - http://www.libpng.org/pub/png/libpng.html - contains a rather confusing vulnerability warning:

  Vulnerability Warning

  Jeff Phillips reported that several versions of libpng through 1.2.35 contain an uninitialized-memory-read bug that may have security implications. Specifically, 1-bit (2-color) interlaced images whose widths are not divisible by 8 may result in several uninitialized bits at the end of certain rows in certain interlace passes being returned to the user. An application that failed to mask these out-of-bounds pixels might display or process them, albeit presumably with benign results in most cases. This bug may be fixed in version 1.2.36, released 7 May 2009, but the correct fix is in version 1.2.37, released 4 June 2009.

Going through 1.2.35 -> 1.2.36 and 1.2.36 -> 1.2.37 diffs, this probably refers to the following changes:

Changes in 1.2.36:

+version 1.2.36beta02 [March 21, 2009] + Use png_memset() after png_malloc() of big_row_buf when reading an + interlaced file, to avoid a possible UMR.

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng;a=commitdiff;h=85f7d0a8d5f45176d8f200e59b0d3002ff0f445d#patch26

Changes in 1.2.37:

+version 1.2.37beta01 [May 12, 2009] + Fixed inconsistency in pngrutil.c, introduced in libpng-1.2.36. The + memset() was using "png_ptr->rowbytes" instead of "row_bytes", which + the corresponding png_malloc() uses (Joe Drew).

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng;a=commitdiff;h=549a5101e7d59bec9af1a4d90afe714ceff5c5dd
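Review bot: in the 1.2.36beta02 entry, "UMR" is left unexpanded and the entry does not say which length the png_memset() of big_row_buf is given. Spelling out "uninitialized memory read" and naming the length (the one passed to the png_malloc()) would make the entry checkable against the code.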
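Review bot: the 1.2.37beta01 entry names the two lengths ("png_ptr->rowbytes" in the memset(), "row_bytes" in the png_malloc()) but does not say whether the mismatch left part of the allocation uncleared or cleared past its end. Stating which would tell packagers whether 1.2.36 carries an incomplete fix or a new defect.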
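The two defensive measures the comment above touches on, as an added example (not libpng code and not from the bug report): clearing a row buffer with the same length that was allocated, and masking the padding bits after the last pixel of a 1-bit row on the application side. All function names are hypothetical, and the 0xFF-filled buffer is constructed to stand in for stale heap memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed for one packed row of `width` pixels at `bit_depth` bits each. */
static size_t row_bytes_for(uint32_t width, unsigned bit_depth) {
    return ((size_t)width * bit_depth + 7) / 8;
}

/* Pixels per row in Adam7 pass `pass` (0..6) of an image `width` pixels wide. */
static uint32_t adam7_pass_width(uint32_t width, int pass) {
    static const uint32_t start[7] = {0, 4, 0, 2, 0, 1, 0};
    static const uint32_t step[7]  = {8, 8, 4, 4, 2, 2, 1};
    if (width <= start[pass]) return 0;
    return (width - start[pass] + step[pass] - 1) / step[pass];
}

/* Allocate a row and clear it with the same length that was allocated. */
static uint8_t *alloc_zeroed_row(size_t row_bytes) {
    uint8_t *row = malloc(row_bytes ? row_bytes : 1);
    if (row != NULL) memset(row, 0, row_bytes);
    return row;
}

/* Clear the padding bits after the last pixel; PNG packs pixels MSB first. */
static void mask_row_padding(uint8_t *row, uint32_t width, unsigned bit_depth) {
    size_t used_bits = (size_t)width * bit_depth;
    unsigned tail = (unsigned)(used_bits % 8);
    if (tail == 0) return;               /* no padding, or empty row */
    row[used_bits / 8] &= (uint8_t)(0xFFu << (8 - tail));
}

/* Constructed input: stale 0xFF bytes; returns the last row byte after masking. */
static uint8_t demo_last_byte(uint32_t image_width, int pass) {
    uint8_t buf[64];
    uint32_t w = adam7_pass_width(image_width, pass);
    size_t n = row_bytes_for(w, 1);
    if (n == 0 || n > sizeof buf) return 0;
    memset(buf, 0xFF, n);
    mask_row_padding(buf, w, 1);
    return buf[n - 1];
}

int main(void) {
    for (int pass = 0; pass < 7; pass++)
        printf("pass %d: last byte 0x%02X\n", pass + 1, demo_last_byte(13, pass));
    return 0;
}
```

For a 13-pixel-wide 1-bit image every pass row ends in a partly used byte, so each printed value has its low-order padding bits cleared.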
