OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 29-Apr-2004 22:27:48
Branch: HEAD Handle: 2004042921274800
Modified files:
openpkg-web/security OpenPKG-SA-2004.017-png.txt
Log:
last minute CVE info CAN-2004-0421
Summary:
Revision Changes Path
1.5 +6 -4 openpkg-web/security/OpenPKG-SA-2004.017-png.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2004.017-png.txt
============================================================================
$ cvs diff -u -r1.4 -r1.5 OpenPKG-SA-2004.017-png.txt
--- openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:26:34 -0000
1.4
+++ openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:27:48 -0000
1.5
@@ -66,12 +66,14 @@
Description:
- According to a security advisory from Steve Grubb, libpng accesses
+ According to a security advisory from Steve Grubb, libpng [1] accesses
memory that is out of bounds when creating an error message. Depending
on machine architecture, bounds checking and other protective
measures, this problem could cause the program to crash if a defective
- or intentionally prepared PNG image file is handled by libpng. This
- can even lead to a Denial of Service (DoS) situation.
+ or intentionally prepared PNG image file is handled by libpng.
+ This can even lead to a Denial of Service (DoS) situation. The
+ Common Vulnerabilities and Exposures (CVE) project assigned the id
+ CAN-2004-0421 [2] to the problem.
Please check whether you are affected by running "<prefix>/bin/rpm
-q png" (and similarly for the other affected packages which have
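Review bot: the new [1] marker on "libpng" in the first changed sentence cites the libpng home page (reference [1] is http://www.libpng.org/pub/png/), so the sentence still attributes the finding to "a security advisory from Steve Grubb" without pointing at that advisory. Consider adding a reference entry for the advisory itself and citing it next to the name. As a style point, the re-wrap of "This can even lead to a Denial of Service (DoS) situation." touches two lines whose wording is unchanged; starting the new CVE sentence after the existing line break would limit the diff to the actual addition.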
@@ -105,7 +107,7 @@
References:
[1] http://www.libpng.org/pub/png/
- [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-...
+ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421
[3] http://www.openpkg.org/tutorial.html#regular-source
[4] http://www.openpkg.org/tutorial.html#regular-binary
[5] ftp://ftp.openpkg.org/release/1.3/UPD/png-1.2.5-1.3.1.src.rpm
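Review bot: reference [2] in r1.4 was a truncated placeholder ("name=CAN-..."), which means a dead link was committed to the advisory text. The replacement is correct and matches the id used in the Description hunk and the log message (CAN-2004-0421). To catch this class of leftover, consider a pre-commit or pre-publish check that rejects "..." inside the References block.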
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]