[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.017-png.txt

Thu, 29 Apr 2004 13:32:06 -0700 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web                      Date:   29-Apr-2004 22:32:06
  Branch: HEAD                             Handle: 2004042921320600

  Modified files:
    openpkg-web/security    OpenPKG-SA-2004.017-png.txt

  Log:
    better not to mention an advisory until it is really available in
    public

  Summary:
    Revision    Changes     Path
    1.6         +8  -8      openpkg-web/security/OpenPKG-SA-2004.017-png.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-web/security/OpenPKG-SA-2004.017-png.txt
  ============================================================================
  $ cvs diff -u -r1.5 -r1.6 OpenPKG-SA-2004.017-png.txt
  --- openpkg-web/security/OpenPKG-SA-2004.017-png.txt  29 Apr 2004 20:27:48 -0000     
 1.5
  +++ openpkg-web/security/OpenPKG-SA-2004.017-png.txt  29 Apr 2004 20:32:06 -0000     
 1.6
  @@ -66,14 +66,14 @@
   
   
   Description:
  -  According to a security advisory from Steve Grubb, libpng [1] accesses
  -  memory that is out of bounds when creating an error message. Depending
  -  on machine architecture, bounds checking and other protective
  -  measures, this problem could cause the program to crash if a defective
  -  or intentionally prepared PNG image file is handled by libpng.
  -  This can even lead to a Denial of Service (DoS) situation. The
  -  Common Vulnerabilities and Exposures (CVE) project assigned the id
  -  CAN-2004-0421 [2] to the problem.
  +  Steve Grubb discovered that the Portable Network Graphics (PNG)
  +  library libpng [1] accesses memory that is out of bounds when creating
  +  an error message. Depending on machine architecture, bounds checking
  +  and other protective measures, this problem could cause the program
  +  to crash if a defective or intentionally prepared PNG image file is
  +  handled by libpng. This can even lead to a Denial of Service (DoS)
  +  situation. The Common Vulnerabilities and Exposures (CVE) project
  +  assigned the id CAN-2004-0421 [2] to the problem.
   
     Please check whether you are affected by running "<prefix>/bin/rpm
     -q png" (and similarly for the other affected packages which have
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

Reply via email to