False vuxml alarms (ImageMagick)
Michael Edenfield
kutulu at kutulu.org
Thu Aug 12 08:45:27 PDT 2004
* Andrey Chernov <ache at nagual.pp.ru> [040812 07:21]:
> On Thu, Aug 12, 2004 at 12:56:57PM +0200, Oliver Eikemeier wrote:
>
> > >>>>>>libpng stack-based buffer overflow and other code concerns.
> >
> > Perhaps we should change the title to `errors in handling of specially
> > crafted png files' or make an extra entry for ImageMagick. But since all
> > problems seem to be exploited by the same set of png files, the former
> > seems to be the proper solution.
>
> But this one should be removed. The root of whole problem is: ImageMagick
> not understand patched libpng well. The entry should be rewritted to
> something like that, instead of confusing one. Please don't ask me to go
> and commit, not with my bad English.
I beleive the phrasing you are looking for is something like:
"Missing support for latest libpng security updates."
or something like that, which indicates that ImageMagik itself doesn't
have a security flaw but it also doesn't work with the patched libpng.
Also, would the same situation apply to other ports (mozilla and
firefox, for example) which just use libpng? I haven't looked too
deeply into the problem, i just upgrade libpng and everything else :)
--K
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20040812/9b232c4f/attachment.bin
More information about the freebsd-ports
mailing list