11:56 a.m.
#944: Request for inclusion of libpng10-1.0.41-1.fc10 in Fedora 10
-----------------------------+----------------------------------------------
Reporter: pghmcfc | Owner: rel-eng(a)lists.fedoraproject.org
Type: task | Status: new
Milestone: Fedora 10 Final | Component: koji
Keywords: |
-----------------------------+----------------------------------------------
libpng10-1.0.41-1.fc10 includes an upstream fix for a memory leak that can
happen when parsing malformed PNG images, which thus has the potential for
a DoS attack.
https://bugzilla.redhat.com/show_bug.cgi?id=468990
http://koji.fedoraproject.org/koji/taskinfo?taskID=913611
There will no doubt be a corresponding update for the main libpng package
too.
There is no ABI change in this update, and I shall be preparing the same
update for Fedora 8 and 9.
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/944>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
4:56 p.m.
#944: Request for inclusion of libpng10-1.0.41-1.fc10 in Fedora 10
------------------------------+---------------------------------------------
Reporter: pghmcfc | Owner: rel-eng(a)lists.fedoraproject.org
Type: task | Status: new
Milestone: Fedora 10 Final | Component: koji
Resolution: | Keywords:
------------------------------+---------------------------------------------
Comment (by wwoods):
The only real change is a security fix for a remotely-exploitable DoS bug.
OTOH, as pointed out in the bug report, there's plenty of ways to craft a
*valid* PNG that will consume all the memory on your system.
Definite +1 for Final, and for Preview if there's time, but this isn't
something to do an emergency respin over.
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/944#comment:1>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
12:14 p.m.
#944: Request for inclusion of libpng10-1.0.41-1.fc10 in Fedora 10
------------------------------+---------------------------------------------
Reporter: pghmcfc | Owner: rel-eng(a)lists.fedoraproject.org
Type: task | Status: closed
Milestone: Fedora 10 Final | Component: koji
Resolution: fixed | Keywords:
------------------------------+---------------------------------------------
Changes (by jkeating):
* status: new => closed
* resolution: => fixed
Comment:
+1, tagging moving.
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/944#comment:2>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
5661
days inactive
5663
days old
rel-eng@lists.fedoraproject.org
2 comments
1 participants
participants (1)
-
Fedora Release Engineering