oss-sec mailing list archives

Re: CVE Request (netpbm)

From: Josh Bressers <bressers () redhat com>
Date: Thu, 23 Oct 2008 14:01:45 -0400 (EDT)

----- "Josh Bressers" <bressers () redhat com> wrote:

I've not seen this assigned yet, it is a bit old, sorry for the
delay.

We noticed this via a Fedora update:
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6999

    update to 10.35.48, fixes buffer overrun in pamperspective and
pngtopnm output
    format


OK, I spent some time trying to figure this one out, and mailed upstream about it.  That message from Fedora is 
misleading and wrong.  The commit in question fixes an OOB memory read, which we won't consider a security flaw.

Sorry for sending this request before I'd done a proper investigation.

-- 
    JB

Current thread:

CVE Request (netpbm) Josh Bressers (Oct 22)
- <Possible follow-ups>
- Re: CVE Request (netpbm) Josh Bressers (Oct 23)