False vuxml alarms (ImageMagick)

Michael Edenfield kutulu at kutulu.org
Thu Aug 12 08:45:27 PDT 2004

* Andrey Chernov <ache at nagual.pp.ru> [040812 07:21]:
> On Thu, Aug 12, 2004 at 12:56:57PM +0200, Oliver Eikemeier wrote:
> > >>>>>>libpng stack-based buffer overflow and other code concerns.
> > 
> > Perhaps we should change the title to `errors in handling of specially 
> > crafted png files' or make an extra entry for ImageMagick. But since all 
> > problems seem to be exploited by the same set of png files, the former 
> > seems to be the proper solution.
> But this one should be removed. The root of whole problem is: ImageMagick 
> not understand patched libpng well. The entry should be rewritted to 
> something like that, instead of confusing one. Please don't ask me to go 
> and commit, not with my bad English.

I beleive the phrasing you are looking for is something like:

"Missing support for latest libpng security updates."

or something like that, which indicates that ImageMagik itself doesn't
have a security flaw but it also doesn't work with the patched libpng.
Also, would the same situation apply to other ports (mozilla and
firefox, for example) which just use libpng?  I haven't looked too
deeply into the problem, i just upgrade libpng and everything else :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20040812/9b232c4f/attachment.bin

More information about the freebsd-ports mailing list