Closed Bug 257492 Opened 20 years ago Closed 20 years ago

CERT vulnerability in current (Aug 31) Mozilla CVS source

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 251381

People

(Reporter: u153838, Assigned: pavlov)

References

(
URL
)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Build Identifier: http://www.kb.cert.org/vuls/id/388984

The current Mozilla CVS source does not contain the fix for this CERT 
vulnerability so far as I can see.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.




I did a standard CVS enlistment (following the instructions), the tRNS bug 
seems to be present in pngrutil.c/png_handle_tRNS.
isn't this fixed with bug 251381 ? I can see a patch dealing with PLTE & tRNS at
the end of attachment 155114 [details] [diff] [review].
The referenced change in nsPNGDecoder.cpp fixes this.  The changes also fix 
various other of the CERT VUs, however the report only references the CAN 
numbers, here's a set of CERT VUs - look at bug 251381 for more info (BTW the 
affordances of striking bug numbers out suck): 
 
VU# 388984 http://www.kb.cert.org/vuls/id/388984 
VU# 817368 http://www.kb.cert.org/vuls/id/817368 
VU# 236656 http://www.kb.cert.org/vuls/id/236656 
VU# 477512 http://www.kb.cert.org/vuls/id/477512 
VU# 160448 http://www.kb.cert.org/vuls/id/160448 
VU# 286464 http://www.kb.cert.org/vuls/id/286464 
 
No guarantee that 251381 really does fix these from me, but it almost certainly 
does...
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
I can't see a bugfix in this bug -> not fixed
Status: RESOLVED → UNCONFIRMED
Resolution: FIXED → ---

*** This bug has been marked as a duplicate of 251381 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.