Re: [SECURITY] libpng vulnerabilities

2012-05-05 Thread Charles Wilson
On 5/4/2012 8:21 PM, Yaakov (Cygwin/X) wrote: I have sent notices of multiple security vulnerabilities in libpng going back LAST JULY, with several additions and pings (no pun intended) since. Can we *please* see some sign that you are still maintaining these packages? I wanted to roll out the

Re: [SECURITY] libpng vulnerabilities

2012-05-04 Thread Yaakov (Cygwin/X)
On 2012-03-29 19:00, Yaakov (Cygwin/X) wrote: On 2012-02-26 02:02, marco atzeri wrote: Vulnerability Warning All versions of libpng from 1.0.6 through 1.5.8, 1.4.8, 1.2.46, and 1.0.56, respectively, fail to correctly validate a heap allocation in png_decompress_chunk(), which can lead to a buff

Re: [SECURITY] libpng vulnerabilities

2012-03-29 Thread Yaakov (Cygwin/X)
On 2012-02-26 02:02, marco atzeri wrote: again, libpng announced security vulnerabilities: from : http://www.libpng.org/pub/png/libpng.html Vulnerability Warning All versions of libpng from 1.0.6 through 1.5.8, 1.4.8, 1.2.46, and 1.0.56, respectively, fail to correctly validate a heap allocati

Re: [SECURITY] libpng vulnerabilities

2012-02-27 Thread Charles Wilson
On 2/26/2012 3:02 AM, marco atzeri wrote: > All versions of libpng from 1.0.6 through 1.5.8, 1.4.8, 1.2.46, and > 1.0.56, respectively, fail to correctly validate a heap allocation in > png_decompress_chunk(), which can lead to a buffer-overrun and the > possibility of execution of hostile code on

[SECURITY] libpng vulnerabilities

2012-02-26 Thread marco atzeri
Hi Chuck, again, libpng announced security vulnerabilities: from : http://www.libpng.org/pub/png/libpng.html Vulnerability Warning All versions of libpng from 1.0.6 through 1.5.8, 1.4.8, 1.2.46, and 1.0.56, respectively, fail to correctly validate a heap allocation in png_decompress_chunk(),
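The advisory quoted above describes the bug class rather than a fix, so here is an added illustration of what "validating a heap allocation" for a decompressed chunk means in practice. This is example code written for this page, not libpng's png_decompress_chunk() and not a reconstruction of the actual defect; the buffer layout (a chunk prefix, then the expanded data, then a NUL), the 16 MiB policy limit, and the run-length "decompressor" standing in for zlib inflate are all constructed assumptions.

```c
/* Added example: checked vs. unchecked sizing of a heap buffer that receives
 * a decompressed chunk. Illustrative only; not libpng code. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Policy limit for one expanded chunk (assumed value for this example). */
#define CHUNK_MAX_EXPANDED ((size_t)1 << 24)   /* 16 MiB */

/* Unchecked pattern: the allocation size is computed from lengths taken from
 * the file with no overflow or limit check. prefix_size + expanded_size + 1
 * can wrap to a small number, and a later copy of prefix_size + expanded_size
 * bytes then overruns the undersized heap buffer. */
size_t unchecked_alloc_size(size_t prefix_size, size_t expanded_size)
{
    return prefix_size + expanded_size + 1;
}

/* Hardened pattern: refuse sizes that would wrap or exceed the policy limit,
 * returning 0 (never a valid size here) instead of a wrong size. */
size_t checked_alloc_size(size_t prefix_size, size_t expanded_size)
{
    if (expanded_size > CHUNK_MAX_EXPANDED)
        return 0;                                 /* over policy limit */
    if (prefix_size > SIZE_MAX - 1 - expanded_size)
        return 0;                                 /* would wrap */
    return prefix_size + expanded_size + 1;
}

/* Constructed stand-in for the real decompressor: expands (count, byte)
 * pairs. Writes at most `cap` bytes but returns the full expanded length, so
 * the caller can detect output that did not fit. */
size_t rle_expand(const uint8_t *in, size_t in_len, uint8_t *out, size_t cap)
{
    size_t total = 0;
    for (size_t i = 0; i + 1 < in_len; i += 2) {
        for (size_t k = 0; k < in[i]; k++) {
            if (total < cap)
                out[total] = in[i + 1];
            total++;
        }
    }
    return total;
}

/* Build prefix || expanded || NUL in a fresh heap buffer. Returns NULL on any
 * validation failure; *out_len receives the length excluding the NUL. */
uint8_t *decompress_chunk(const uint8_t *prefix, size_t prefix_size,
                          const uint8_t *comp, size_t comp_len,
                          size_t claimed_expanded, size_t *out_len)
{
    size_t alloc = checked_alloc_size(prefix_size, claimed_expanded);
    if (alloc == 0)
        return NULL;
    uint8_t *buf = malloc(alloc);
    if (buf == NULL)
        return NULL;
    memcpy(buf, prefix, prefix_size);
    /* The decompressor is capped at the space we actually allocated ... */
    size_t got = rle_expand(comp, comp_len, buf + prefix_size, claimed_expanded);
    /* ... and a claimed length that disagrees with reality is rejected. */
    if (got != claimed_expanded) {
        free(buf);
        return NULL;
    }
    buf[prefix_size + got] = 0;
    *out_len = prefix_size + got;
    return buf;
}

/* Exercise the pieces on constructed input; returns 1 on the expected outcome. */
int run_demo(void)
{
    static const uint8_t prefix[4] = {'k', 'e', 'y', 0};
    static const uint8_t comp[4] = {3, 'a', 2, 'b'};     /* expands to "aaabb" */
    size_t n = 0;
    uint8_t *buf = decompress_chunk(prefix, 4, comp, 4, 5, &n);
    int ok = buf != NULL && n == 9 && memcmp(buf + 4, "aaabb", 6) == 0;
    free(buf);
    /* Claimed length smaller than the real expansion must be refused. */
    ok = ok && decompress_chunk(prefix, 4, comp, 4, 4, &n) == NULL;
    return ok;
}

int main(void)
{
    printf("unchecked size for (4, SIZE_MAX-2): %zu (wrapped)\n",
           unchecked_alloc_size(4, SIZE_MAX - 2));
    printf("checked size for (4, SIZE_MAX-2):   %zu (rejected)\n",
           checked_alloc_size(4, SIZE_MAX - 2));
    printf("demo %s\n", run_demo() ? "ok" : "FAILED");
    return run_demo() ? 0 : 1;
}
```

The two checks in the hardened path are deliberately separate: the size arithmetic is validated before malloc, and the decompressor's actual output length is compared with the claimed length after the fact, so neither a wrapped size nor a lying length field can turn into a write past the end of the buffer.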

Re: [SECURITY] libpng vulnerabilities

2011-07-26 Thread Yaakov (Cygwin/X)
On Tue, 2011-07-26 at 17:40 -0400, Charles Wilson wrote: > On 7/26/2011 4:38 PM, Yaakov (Cygwin/X) wrote: > > On Tue, 2011-07-26 at 15:48 -0400, Charles Wilson wrote: > >> General question: would it be acceptable to move libpng10 to obsolete > >> (removing libpng10-devel), and NOT update it -- rath

Re: [SECURITY] libpng vulnerabilities

2011-07-26 Thread Charles Wilson
On 7/26/2011 4:38 PM, Yaakov (Cygwin/X) wrote: > On Tue, 2011-07-26 at 15:48 -0400, Charles Wilson wrote: >> General question: would it be acceptable to move libpng10 to obsolete >> (removing libpng10-devel), and NOT update it -- rather than removing it >> entirely? > > No, because anything which

Re: [SECURITY] libpng vulnerabilities

2011-07-26 Thread Yaakov (Cygwin/X)
On Tue, 2011-07-26 at 15:48 -0400, Charles Wilson wrote: > On 7/26/2011 3:43 PM, Yaakov (Cygwin/X) wrote: > > Remedy: > > Update libpng10 to 1.0.55 (or just remove it, as nothing in the distro > > depends on it any more), libpng12 to 1.2.45, and libpng14 to 1.4.8. > > Thanks for the heads-up. I don

Re: [SECURITY] libpng vulnerabilities

2011-07-26 Thread Charles Wilson
On 7/26/2011 3:43 PM, Yaakov (Cygwin/X) wrote: > Remedy: > Update libpng10 to 1.0.55 (or just remove it, as nothing in the distro > depends on it any more), libpng12 to 1.2.45, and libpng14 to 1.4.8. Thanks for the heads-up. I don't think I can get to this before tomorrow night, tho. General quest

[SECURITY] libpng vulnerabilities

2011-07-26 Thread Yaakov (Cygwin/X)
Chuck, All versions of libpng have recently announced security vulnerabilities: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2690 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2692 Remedy: Update libpng10 to 1.0.55 (o