Date: Wed, 12 Nov 2008 12:42:05 +0100 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...re.org> Cc: oss-security@...ts.openwall.com Subject: CVE Request -- OptiPNG Hello Steve, OptiPNG upstream has released new version, fixing between others one security issue -- buffer overflow present in reader responsible for BMP images handling. References: http://sourceforge.net/project/shownotes.php?release_id=639631&group_id=151404 http://secunia.com/Advisories/32651/ http://www.frsirt.com/english/advisories/2008/3108/references http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399 http://optipng.sourceforge.net/ Affected versions: all prior to prior to 0.6.2. (from Secunia advisory) Proposed solution: Upgrade to 0.6.2 or security patch against 0.6.1 available at: http://prdownloads.sourceforge.net/optipng/optipng-0.6.1.1.diff?download Impact: arbitrary code execution (from Secunia advisory) Could you please allocate a new CVE id for this issue? Thanks, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.