[Png-mng-security] Draft 02 security advisory for zero-length unknown chunk bug

Tavis Ormandy taviso at sdf.lonestar.org
Sat Apr 12 16:20:44 UTC 2008


On Sat, Apr 12, 2008 at 10:32:50AM -0400, Glenn Randers-Pehrson wrote:
> At 02:21 PM 4/11/2008 -0400, Glenn Randers-Pehrson wrote:
> >Draft 02, April 11, 2008 (glennrp):
> >
> >Libpng-1.2.26 security advisory -- April 12, 2008
> >
> >This bug has been identified as CVE-2008-1382.
> 
> I've posted this advisory without any further changes to png-mng-announce and
> png-mng-implement, and have posted copies at the PNG ftp site and SourceForge.
> Tavis, please pass a copy to your vendor-sec group and to anyone else you want.
> 
> Any further discussion of this can occur on png-mng-implement at lists.sf.net

Excellent, thanks Glenn!


-- 
-------------------------------------
taviso at sdf.lonestar.org | finger me for my gpg key.
-------------------------------------------------------



More information about the png-mng-security-archive mailing list