Re: CVE request: optipng security release

[Robert Buchholz <rbu () gentoo org>]

On Tuesday 24 February 2009, Marcus Meissner wrote:
> Hi,
>
> According to http://optipng.sourceforge.net/
>
> optipng released OptiPNG 0.6.2 fixing
> "All current OptiPNG versions are known to be vulnerable to memory
> reallocation attacks, due to a bug in the GIF image reader.

Note that this is not fixed in 0.6.2, but there is a patch to apply on 
top of 0.6.2.
0.6.2 was the release fixing CVE-2008-5101 (bmp issue).


Robert

Attachment: signature.asc
Description: This is a digitally signed message part.