Up to [cvs.NetBSD.org] / pkgsrc / graphics / png
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: pkgsrc-2004Q2-base
Revision 1.18 / (download) - annotate - [select for diffs], Mon May 10 01:15:14 2004 UTC (19 years, 10 months ago) by fredb
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base,
pkgsrc-2004Q2
Changes since 1.17: +3 -2
lines
Diff to previous 1.17 (colored)
Don't read past the end of the error message string. This patch was posted to png-implement by Glenn Randers-Pherson, libpng's maintainer. This error was widely reported as "security issue", http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421 even though there is no security issue. The most the error could do is SIGSEGV, and that only with some fairly uncommon circumstances. The patch posted with the advisory is in fact flawed, in that it calls strlen() on presumably arbitrary data. Bump PKGREVISION.