Date: Sat, 4 Jul 2009 12:14:01 +0100
From: Andrea Barisani <lcars@...rt.org>
To: Robert Buchholz <rbu@...too.org>
Cc: oss-security@...ts.openwall.com
Subject: Re: [oCERT-2009-009] CamlImages integer overflows
On Sat, Jul 04, 2009 at 12:39:09PM +0200, Robert Buchholz wrote:
> On Thursday 02 July 2009, Andrea Barisani wrote:
> > Unfortunately oCERT has been unable to get feedback from CamlImages
> > maintainers and the package seems unmaintained, it's therefore
> > suggested to avoid CamlImages usage on production or any environment
> > where strong security is needed.
>
> Richard Jones of RedHat contributed a patch and upstream has stated plans
> to review and incorporate it:
> http://www.nabble.com/Camlimages-integer-overflows-with-PNG-images-td24321780.html
>
That's great, I'll update the advisory.
Thanks
--
Andrea Barisani | Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
<lcars@...rt.org> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"