oss-sec mailing list archives
Re: [oCERT-2009-009] CamlImages integer overflows
From: Andrea Barisani <lcars () ocert org>
Date: Sat, 4 Jul 2009 12:14:01 +0100
On Sat, Jul 04, 2009 at 12:39:09PM +0200, Robert Buchholz wrote:
> On Thursday 02 July 2009, Andrea Barisani wrote:
>> Unfortunately oCERT has been unable to get feedback from CamlImages
>> maintainers and the package seems unmaintained, it's therefore suggested
>> to avoid CamlImages usage on production or any environment where strong
>> security is needed.
>
> Richard Jones of RedHat contributed a patch and upstream has stated plans to
> review and incorporate it:
> http://www.nabble.com/Camlimages-integer-overflows-with-PNG-images-td24321780.html

That's great, I'll update the advisory.

Thanks

--
Andrea Barisani | Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team

<lcars () ocert org> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"