Path to this page:
Subject: CVS commit: pkgsrc/graphics/png
From: Frederick Bruckman
Date: 2004-05-10 03:15:14
Message id: 20040510011514.BA4052DA1D@cvs.netbsd.org
Log Message:
Don't read past the end of the error message string. This patch was
posted to png-implement by Glenn Randers-Pherson, libpng's maintainer.
This error was widely reported as "security issue",
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421
even though there is no security issue. The most the error could do is
SIGSEGV, and that only with some fairly uncommon circumstances. The patch
posted with the advisory is in fact flawed, in that it calls strlen() on
presumably arbitrary data.
Bump PKGREVISION.
Files: