Date: Fri,  4 Dec 2015 23:45:50 -0500 (EST)
From: cve-assign@...re.org
To: glennrp@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE

> The patch was incomplete.  While it defended against the potential overrun
> while reading PNG files, it did not detect a potential overrun by
> applications using png_set_PLTE directly.  Libpng versions 1.6.20, 1.5.25,
> 1.4.18, 1.2.55, and 1.0.65 which were released today, December 3, 2015, fix
> this remaining problem.

Use CVE-2015-8472 for this remaining problem that existed
in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
