[Png-mng-security] security bug in png_handle_tRNS
Glenn Randers-Pehrson
glennrp at comcast.net
Mon May 7 21:50:04 UTC 2007
At 01:42 PM 5/7/2007 -0700, Andreas Dilger wrote:
>On May 07, 2007 13:53 -0400, Glenn Randers-Pehrson wrote:
>> I just got a reply from CERT:
>>
>> Thank you for the report, we are tracking this as VU#684664.
>> We will follow up with our established contacts at libpng.
>>
>> Greg or maybe Andreas Dilger is probably the "established contact".
>
>I haven't gotten anything from CERT either.

I have (the "established contact" turns out to be glennrp at imagemagick.org),
but they insist on using encrypted commo so I could not read
it. They called me at home a while ago but I was outside watching the
grass grow.

I guess the only thing really to discuss is how long to wait before
disclosing the problem, and whether to release a fixed libpng and
mozilla quietly before disclosure.

Glenn