[Png-mng-security] libpng: memory overwrite (png_check_keyword()) [SuSE]

glennrp at comcast.net glennrp at comcast.net
Mon Feb 9 22:53:02 UTC 2009


----- Original Message -----
From: "Greg Roelofs" <newt at pobox.com>
To: png-mng-security at simple.dallas.tx.us
Sent: Monday, February 9, 2009 4:47:52 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Png-mng-security] libpng: memory overwrite (png_check_keyword()) [SuSE]

> Is this an old bug that SuSE just got around to fixing, or a new one that
> hasn't been reported here?

Hmmm, looks like maybe it's the one Jon Foster reported on png-mng-implement
on 26 November.  He never got a response, and I didn't check the release
notes to see if it was quietly addressed in the meantime.  Yes?  No?

Greg
_______________________________________________

I suppose it's this one:

version 1.2.34beta05 [December 5, 2008]
  Removed redundant check for key==NULL before calling png_check_keyword()
    to ensure that new_key gets initialized and removed extra warning
    (Arvan Pritchard).


Glenn



More information about the png-mng-security-archive mailing list