update vulnerable libpng to fixed version?
Andrey Chernov
ache at nagual.pp.ru
Thu Aug 5 08:29:21 PDT 2004
On Thu, Aug 05, 2004 at 11:16:06AM -0400, Chuck Swiger wrote:
> However, having 1.2.6rc1 listed as the recommended upgrade path in a CERT
> advisory probably makes 1.2.6rc1 more public than it would have been,
> otherwise. Speaking of which, the CERT advisory reads:
>
> In the case of VU#388984, an attacker with the ability to introduce a
> malformed PNG image to a vulnerable application could cause the
> application to crash or could potentially execute arbitrary code with
> the privileges of the user running the affected application.
Since CERT entry VU#388984 does not point to any patch, I can only guess that
this bug is fixed by the official 0-11 patches I committed several hours ago.
--
Andrey Chernov | http://ache.pp.ru/
More information about the freebsd-ports mailing list