#944: Request for inclusion of libpng10-1.0.41-1.fc10 in Fedora 10
-----------------------------+----------------------------------------------
 Reporter:  pghmcfc          |      Owner:  rel-eng@lists.fedoraproject.org
     Type:  task             |     Status:  new
Milestone:  Fedora 10 Final  |  Component:  koji
 Keywords:                   |
-----------------------------+----------------------------------------------
libpng10-1.0.41-1.fc10 includes an upstream fix for a memory leak that can happen when parsing malformed PNG images, which thus has the potential for a DoS attack.
https://bugzilla.redhat.com/show_bug.cgi?id=468990
http://koji.fedoraproject.org/koji/taskinfo?taskID=913611
There will no doubt be a corresponding update for the main libpng package too.
There is no ABI change in this update, and I shall be preparing the same update for Fedora 8 and 9.
#944: Request for inclusion of libpng10-1.0.41-1.fc10 in Fedora 10
------------------------------+---------------------------------------------
  Reporter:  pghmcfc          |      Owner:  rel-eng@lists.fedoraproject.org
      Type:  task             |     Status:  new
 Milestone:  Fedora 10 Final  |  Component:  koji
Resolution:                   |   Keywords:
------------------------------+---------------------------------------------
Comment (by wwoods):
The only real change is a security fix for a remotely-exploitable DoS bug.
OTOH, as pointed out in the bug report, there's plenty of ways to craft a *valid* PNG that will consume all the memory on your system.
Definite +1 for Final, and for Preview if there's time, but this isn't something to do an emergency respin over.
#944: Request for inclusion of libpng10-1.0.41-1.fc10 in Fedora 10
------------------------------+---------------------------------------------
  Reporter:  pghmcfc          |      Owner:  rel-eng@lists.fedoraproject.org
      Type:  task             |     Status:  closed
 Milestone:  Fedora 10 Final  |  Component:  koji
Resolution:  fixed            |   Keywords:
------------------------------+---------------------------------------------
Changes (by jkeating):
  * status:  new => closed
  * resolution:  => fixed
Comment:
+1, tagging moving.