Closed
Bug 257492
Opened 20 years ago
Closed 20 years ago
CERT vulnerability in current (Aug 31) Mozilla CVS source
Categories
(Core :: Graphics: ImageLib, defect)
Core
Graphics: ImageLib
Tracking
()
RESOLVED
DUPLICATE
of bug 251381
People
(Reporter: u153838, Assigned: pavlov)
References
()
Details
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Build Identifier: http://www.kb.cert.org/vuls/id/388984
The current Mozilla CVS source does not contain the fix for this CERT
vulnerability so far as I can see.
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
I did a standard CVS enlistment (following the instructions), the tRNS bug
seems to be present in pngrutil.c/png_handle_tRNS.
|
||
Comment 1•20 years ago
|
||
isn't this fixed with bug 251381 ? I can see a patch dealing with PLTE & tRNS at
the end of attachment 155114 [details] [diff] [review].
The referenced change in nsPNGDecoder.cpp fixes this. The changes also fix
various other of the CERT VUs, however the report only references the CAN
numbers, here's a set of CERT VUs - look at bug 251381 for more info (BTW the
affordances of striking bug numbers out suck):
VU# 388984 http://www.kb.cert.org/vuls/id/388984
VU# 817368 http://www.kb.cert.org/vuls/id/817368
VU# 236656 http://www.kb.cert.org/vuls/id/236656
VU# 477512 http://www.kb.cert.org/vuls/id/477512
VU# 160448 http://www.kb.cert.org/vuls/id/160448
VU# 286464 http://www.kb.cert.org/vuls/id/286464
No guarantee that 251381 really does fix these from me, but it almost certainly
does...
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
||
Comment 3•20 years ago
|
||
I can't see a bugfix in this bug -> not fixed
Status: RESOLVED → UNCONFIRMED
Resolution: FIXED → ---
|
|
||
Comment 4•20 years ago
|
||
*** This bug has been marked as a duplicate of 251381 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•