[Bug 504782] New: libpng: Interlaced Images Information Disclosure Vulnerability
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: libpng: Interlaced Images Information Disclosure Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=504782
Summary: libpng: Interlaced Images Information Disclosure
Vulnerability
Product: Security Response
Version: unspecified
Platform: All
OS/Version: Linux
Status: NEW
Status Whiteboard: source=gentoo,reported=20090606,public=20090604,impact
=low?
Keywords: Security
Severity: medium
Priority: medium
Component: vulnerability
AssignedTo: security-response-team(a)redhat.com
ReportedBy: thoger(a)redhat.com
CC: paul(a)city-fan.org, lfarkas(a)lfarkas.org,
tgl(a)redhat.com, berrange(a)redhat.com,
rjones(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org
Classification: Other
Target Release: ---
Quoting Secunia advisory SA35346:
http://secunia.com/advisories/35346/
A vulnerability has been reported in libpng, which can be exploited
by malicious people to disclose potentially sensitive information.
The vulnerability is caused due to an error when processing 1-bit
interlaced images. This can be exploited to disclose uninitialised
memory via specially crafted images having widths that are not
divisible by 8.
The vulnerability is reported in versions prior to 1.2.37.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
13 years, 8 months
[Bug 613993] Review Request: mingw32-celt051 - An audio codec for use in low-delay speech and audio communication
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613993
--- Comment #2 from Gerd Hoffmann <kraxel(a)redhat.com> 2010-08-03 12:55:34 EDT ---
The rpmlint warnings are bogous, this isn't needed with recent rpm versions
(Fedora 13+).
This package builds both shared and static libraries with native linux builds
and static libraries only on windows cross builds. The configure output
indicates it thinks libtool supports creating dlls. No idea why it doesn't and
whenever it is intentional or not.
The package guidelines about separate -static (and -devel) packages don't apply
to mingw32-* packacges according to rjones.
Will fixup the other nits and upload new builds later today or tomorrow.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
13 years, 8 months