oss-sec mailing list archives
Re: [oCERT-2009-009] CamlImages integer overflows
From: Robert Buchholz <rbu () gentoo org>
Date: Sat, 4 Jul 2009 12:39:09 +0200
On Thursday 02 July 2009, Andrea Barisani wrote:
> Unfortunately oCERT has been unable to get feedback from CamlImages maintainers and the package seems unmaintained, it's therefore suggested to avoid CamlImages usage on production or any environment where strong security is needed.
Richard Jones of RedHat contributed a patch and upstream has stated plans to review and incorporate it:
http://www.nabble.com/Camlimages-integer-overflows-with-PNG-images-td24321780.html

Robert