161086 - Another buffer overflow in libpng?

Status: VERIFIED DUPLICATE of bug 155222

(Core :: Graphics: ImageLib, defect)

Description

[Ben Bucksch (:BenB)]

- --------------------------------------------------------------------------
Debian Security Advisory DSA 140-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 5th, 2002   
- --------------------------------------------------------------------------

Package        : libpng, libpng3
Vulnerability  : Buffer overflow
Problem-Type   : remote
Debian-specific: no

In addition to the advisory DSA 140-1 the packages below fix another
potential buffer overflow.  The PNG libraries implement a safety
margin which is also included in a newer upstream release.  Thanks to
Glenn Randers-Pehrson for informing us.

This problem has been fixed in version 1.0.12-3.woody.2 of libpng and
version 1.2.1-1.1.woody.2 of libpng3 for the current stable
distribution (woody).

We recommend that you upgrade your libpng packages.


---

Comment 1

[tor]

Not enough information -> invalid.

Comment 2

[Glenn Randers-Pehrson]

It's a duplicate of bug #155222

Glenn

Comment 3

[tor]

.

Comment 4

[tor]

*** This bug has been marked as a duplicate of 155222 ***

Comment 5

[Ben Bucksch (:BenB)]

No, this is not a dup, I am aware of the other bug. Note the "Another".

There is probably more information available in the Debian bug database and/or
CC-Cert and/or the bug database for libpng. I don't have the time (and
permission, in case of CERT?) to look it up - I just wanted to inform you.

Comment 6

[Glenn Randers-Pehrson]

I saw the "another" and it *is* a duplicate.  We fixed two things in
libpng-1.2.4/1.0.14 last month and in Mozilla.  Debian only fixed one,
and I reminded them about the other yesterday.  They responded by submitting
this duplicate bug against Mozilla.

Glenn

Comment 7

[Ben Bucksch (:BenB)]

OK, sorry. Verify.