OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 29-Apr-2004 22:27:48 Branch: HEAD Handle: 2004042921274800 Modified files: openpkg-web/security OpenPKG-SA-2004.017-png.txt Log: last minute CVE info CAN-2004-0421 Summary: Revision Changes Path 1.5 +6 -4 openpkg-web/security/OpenPKG-SA-2004.017-png.txt ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.017-png.txt ============================================================================ $ cvs diff -u -r1.4 -r1.5 OpenPKG-SA-2004.017-png.txt --- openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:26:34 -0000 1.4 +++ openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:27:48 -0000 1.5 @@ -66,12 +66,14 @@ Description: - According to a security advisory from Steve Grubb, libpng accesses + According to a security advisory from Steve Grubb, libpng [1] accesses memory that is out of bounds when creating an error message. Depending on machine architecture, bounds checking and other protective measures, this problem could cause the program to crash if a defective - or intentionally prepared PNG image file is handled by libpng. This - can even lead to a Denial of Service (DoS) situation. + or intentionally prepared PNG image file is handled by libpng. + This can even lead to a Denial of Service (DoS) situation. The + Common Vulnerabilities and Exposures (CVE) project assigned the id + CAN-2004-0421 [2] to the problem. Please check whether you are affected by running "<prefix>/bin/rpm -q png" (and similarly for the other affected packages which have 
@@ -105,7 +107,7 @@ References: [1] http://www.libpng.org/pub/png/ - [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-... + [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421 [3] http://www.openpkg.org/tutorial.html#regular-source [4] http://www.openpkg.org/tutorial.html#regular-binary [5] ftp://ftp.openpkg.org/release/1.3/UPD/png-1.2.5-1.3.1.src.rpm @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
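Review bot: In the Description hunk, the new "[1]" sits after "libpng", so the first sentence now cites the libpng home page (entry [1] in the References hunk) while "a security advisory from Steve Grubb" still has no reference of its own. Consider adding a References entry for that advisory and citing it directly after "Steve Grubb", so readers can reach the original report as well as CAN-2004-0421 [2]. As a smaller style point, moving "This" onto the next line re-wraps a sentence that is otherwise unchanged; leaving the original line break and appending the new CVE sentence after "situation." would keep the diff limited to the added text.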