On Wednesday 22 November 2006 19:00, Josh Bressers wrote:
> I'm going to presume you're claiming that since Fedora Core
> the latest libpng, it's vulnerable to the issues fixed in the upstream
Actually I downloaded the libpng src.rpm with yumdownloader --source libpng
and took a look into it, it contains the spec, the upstream tarball and two
Description of CVE-2006-3334
| Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng
| before 1.2.12 allows context-dependent attackers to cause a denial of
| service and possibly execute arbitrary code via unspecified vectors related
| to "chunk error processing," possibly involving the "chunk_name".
> libpng in Fedora Core has all relevant security issues backported
$ grep pngrutil.c libpng-1.2.10-pngconf.patch libpng-1.2.10-multilib.patch
So it is not backported.
The libpng homepage also states for release 1.2.12:
| The same releases (and their immediate predecessors) also fix an
| out-of-bounds (by one) memory read and a second buffer overrun, this one in
| the code that writes the sCAL ("physical scale of subject") chunk (which is
| rather rare in any case).
The patch for this is not backported, either.
I do not know how relevant the above vulnerabilities are, since Novell states that
CVE-2006-3334 is not that important in
> If you have concerns regarding a specific issue, feel free to bring
> up, but bug 211705 in no way represents a security flaw.
But if the mentioned issues are no security flaws please document it in
bugzilla, so it does not seem to be ignored.
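
An added example (not part of the original message or of Fedora's packaging): a shell check that reports which patch files from an unpacked source RPM actually modify a given file, by reading the `+++` diff headers instead of matching the name anywhere in the patch. The sample patches are constructed, and the function names patches_touching and make_samples are hypothetical.

```shell
#!/bin/sh
# patches_touching FILE PATCH...
# Prints the name of every patch whose "+++ path" header ends in FILE.
patches_touching() {
    target=$1; shift
    for p in "$@"; do
        # Compare only the basename of the path in "+++" headers, so a
        # mention of FILE inside a comment or hunk body does not count.
        if awk -v t="$target" '
            /^\+\+\+ / {
                n = split($2, parts, "/")
                if (parts[n] == t) found = 1
            }
            END { exit found ? 0 : 1 }' "$p"; then
            printf '%s\n' "$p"
        fi
    done
}

# Constructed sample patches (NOT the real Fedora libpng patches).
make_samples() {
    dir=$(mktemp -d)
    # Mentions pngrutil.c in a comment only; it modifies pngconf.h.
    cat > "$dir/conf.patch" <<'EOF'
--- libpng-1.2.10/pngconf.h.orig 2006-01-01 00:00:00 +0000
+++ libpng-1.2.10/pngconf.h 2006-01-01 00:00:00 +0000
@@ -1,1 +1,1 @@
-/* see pngrutil.c */
+/* see pngrutil.c for details */
EOF
    # Really modifies pngrutil.c.
    cat > "$dir/fix.patch" <<'EOF'
--- libpng-1.2.10/pngrutil.c.orig 2006-01-01 00:00:00 +0000
+++ libpng-1.2.10/pngrutil.c 2006-01-01 00:00:00 +0000
@@ -1,1 +1,1 @@
-old
+new
EOF
    printf '%s\n' "$dir"
}

# Demo on the constructed samples: only fix.patch is reported.
d=$(make_samples)
patches_touching pngrutil.c "$d"/*.patch
```

An empty result shows only that no shipped patch edits that file; whether the fix is present still has to be confirmed against the upstream change itself.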