update vulnerable libpng to fixed version?

Andrey Chernov ache at nagual.pp.ru
Thu Aug 5 08:41:42 PDT 2004


On Thu, Aug 05, 2004 at 07:29:15PM +0400, Andrey Chernov wrote:
> Since CERT entry VU#388984 does not point to any patch, I can only guess that
> this bug is fixed by the official 0-11 patches I committed several hours ago.

I mean, any _specific_ patch, of course.
They point to 
http://scary.beasts.org/security/CESA-2004-001.txt
with some patch, but there is:

"NOTE! This patch serves as demo purposes for the flaws only. An official
v1.2.6 libpng with an official, slightly different fix will be released by
the libpng team in parallel with this advisory."

What is in 1.2.6 in that place is equal to the 1.2.5 official patches. The patch
from CESA is not used.

-- 
Andrey Chernov | http://ache.pp.ru/

