[Png-mng-security] libpng: memory overwrite (png_check_keyword()) [SuSE]
glennrp at comcast.net
glennrp at comcast.net
Mon Feb 9 22:53:02 UTC 2009
----- Original Message -----
From: "Greg Roelofs" <newt at pobox.com>
To: png-mng-security at simple.dallas.tx.us
Sent: Monday, February 9, 2009 4:47:52 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Png-mng-security] libpng: memory overwrite (png_check_keyword()) [SuSE]
> Is this an old bug that SuSE just got around to fixing, or a new one that
> hasn't been reported here?
Hmmm, looks like maybe it's the one Jon Foster reported on png-mng-implement
on 26 November. He never got a response, and I didn't check the release
notes to see if it was quietly addressed in the meantime. Yes? No?
Greg
_______________________________________________
I suppose it's this one:
version 1.2.34beta05 [December 5, 2008]
Removed redundant check for key==NULL before calling png_check_keyword()
to ensure that new_key gets initialized and removed extra warning
(Arvan Pritchard).
Glenn
More information about the png-mng-security-archive
mailing list