Closed Bug 737502 Opened 12 years ago Closed 12 years ago

libpng-1.5.10 will fix CVE-2011-3048

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: glennrp+bmo, Assigned: glennrp+bmo)

Details

(Whiteboard: [sg:nse]) 

Heads up: Libpng-1.5.10 will be released on March 29th to fix CVE-2011-3048.  Do not be concerned; it does not affect mozilla, no matter if it uses the embedded libpng or the system libpng, because the bug is in tEXt/zTXt/iTXt chunk processing.  These chunks are ignored by mozilla.
Assignee: nobody → glennrp+bmo
Status: NEW → ASSIGNED
Whiteboard: Clear security bug and I will mark this WFM when libpng-1.5.10 is released
Whiteboard: Clear security bug and I will mark this WFM when libpng-1.5.10 is released → Clear security flag when libpng-1.5.10 is released and I will mark this bug WFM.
Whiteboard: Clear security flag when libpng-1.5.10 is released and I will mark this bug WFM. → [sg:nse] Clear security flag when libpng-1.5.10 is released and I will mark this bug WFM.
It's OK to clear the security flag now.  Libpng-1.5.10, which fixes the vulnerability, has been released.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Whiteboard: [sg:nse] Clear security flag when libpng-1.5.10 is released and I will mark this bug WFM.
Whiteboard: [sg:nse] → [sg:nse] Please clear the security flag. libpng-1.5.10 has been out for a couple of weeks now.
We updated our libpng to 1.5.10 in bug 745178
Group: core-security
Whiteboard: [sg:nse] Please clear the security flag. libpng-1.5.10 has been out for a couple of weeks now. → [sg:nse]
You need to log in before you can comment on or make changes to this bug.