4:13 a.m.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216263
Summary: CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: libpng10
AssignedTo: paul(a)city-fan.org
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-
list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5793
"The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng
1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows
context-dependent attackers to cause a denial of service (crash) via malformed
sPLT chunks that trigger an out-of-bounds read."
Appears to be fixed in 1.0.21.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
8:04 a.m.
New subject: [Bug 216263] CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216263
paul(a)city-fan.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From paul(a)city-fan.org 2006-11-19 09:04 EST -------
I have 1.0.21 packages prepared, but can't import and build yet due to the cvs
outage. If anyone would like a preview, I have packages here:
http://www.city-fan.org/~paul/extras/libpng10/
(no ppc packages as I don't have a ppc builder)
Note that libpng10 is a Core package for all releases prior to FC6 (and
presumably RHEL too) so separate bugs will need raising for those releases.
http://www.fedoraproject.org/wiki/Extras/Schedule/SecurityAnnoucements has
disappeared from the wiki, so is there a document somewhere stating how to
prepare and send out a securiry announcement?
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
4:17 a.m.
New subject: [Bug 216263] CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216263
------- Additional Comments From paul(a)city-fan.org 2006-11-21 05:17 EST -------
1.0.21-1 has built successfully for Rawhide and FC6, and should be released
later today. A fix is still needed for FC5 and earlier releases of course.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
10:56 a.m.
New subject: [Bug 216263] CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216263
------- Additional Comments From ville.skytta(a)iki.fi 2006-11-21 11:56 EST -------
FC report is in bug 216706, and today's FE push is in progress.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
9:01 p.m.
New subject: [Bug 216263] CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216263
thorjansen(a)gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |thorjansen(a)gmail.com
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
12:53 a.m.
New subject: [Bug 216263] CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216263
ville.skytta(a)iki.fi changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |CLOSED
Resolution| |ERRATA
Fixed In Version| |1.0.21-1
------- Additional Comments From ville.skytta(a)iki.fi 2006-11-26 01:53 EST -------
Looks like this has been fixed for a while now.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
6354
days inactive
6362
days old
security@lists.fedoraproject.org
5 comments
1 participants
participants (1)
-
Red Hat Bugzilla