#3977 closed defect (fixed)
update libpng 1.6.19 to 1.6.21 due to security
Reported by: | Raymond | Owned by: | |
---|---|---|---|
Priority: | Must Have | Milestone: | Alpha 20 |
Component: | Core engine | Keywords: | |
Cc: | Patch: |
Description (last modified by )
see:
http://www.libpng.org/pub/png/libpng.html :
"Virtually all libpng versions through 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64, respectively, have a potential pointer overflow/underflow in png_handle_sPLT()/png_handle_pCAL() (and in png_handle_iTXt()/png_handle_zTXt() in the pre-1.6 branches), and all such versions likewise have a bug in their png_set_PLTE() implementations that left it open to the out-of-bounds write (CVE-2015-8126) that was supposed to have been fixed in the previous release. The bugs are fixed in versions 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65, released on 3 December 2015."
Change History (3)
comment:1 by , 8 years ago
comment:2 by , 6 years ago
Description: | modified (diff) |
---|---|
Milestone: | Backlog → Alpha 23 |
Resolution: | → fixed |
Status: | new → closed |
comment:3 by , 6 years ago
Milestone: | Alpha 23 → Alpha 20 |
---|
Thanks for noticing this had been fixed. I'm putting that in the correct milestone though.
...for using zlib