author | fredb <fredb@pkgsrc.org> | 2004-05-10 01:15:14 +0000 |
---|---|---|
committer | fredb <fredb@pkgsrc.org> | 2004-05-10 01:15:14 +0000 |
commit | 05ba31daa045fd9f738a83cc038602e3364ceb5d (patch) | |
tree | 42e75f50f077c5112d02c38648a833ab8f4f163a /graphics/png/distinfo | |
parent | a17a221baaebe618632e1c0afd402857a3b842ed (diff) | |
download | pkgsrc-05ba31daa045fd9f738a83cc038602e3364ceb5d.tar.gz |
Don't read past the end of the error message string. This patch was
posted to png-implement by Glenn Randers-Pehrson, libpng's maintainer.
This error was widely reported as a "security issue",
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421
even though there is no security issue. The most the error could do is
SIGSEGV, and that only with some fairly uncommon circumstances. The patch
posted with the advisory is in fact flawed, in that it calls strlen() on
presumably arbitrary data.
Bump PKGREVISION.
Diffstat (limited to 'graphics/png/distinfo')
-rw-r--r-- | graphics/png/distinfo | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/graphics/png/distinfo b/graphics/png/distinfo index 219d7d08d13..d2485d0d4b4 100644 --- a/graphics/png/distinfo +++ b/graphics/png/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.17 2004/04/27 22:40:35 tv Exp $ +$NetBSD: distinfo,v 1.18 2004/05/10 01:15:14 fredb Exp $ SHA1 (libpng-1.2.5.tar.bz2) = 6752eaf1a604edbbb0149b781155ef9cb47d80c3 Size (libpng-1.2.5.tar.bz2) = 378030 bytes @@ -6,4 +6,5 @@ SHA1 (patch-aa) = 0b3d28e526f8d1530e82c30be46aea19e5a32d6a SHA1 (patch-ab) = be7dc4a3e21c0056a913c5f1488528558024e6ea SHA1 (patch-ac) = 96e42c626b9aec1f2d68f920f147463ca77da27c SHA1 (patch-ad) = edfe5d2c827939eba9d62f426f5dca51979be245 -SHA1 (patch-ae) = a0f17e4a95d80ca51fb99d0abffffb31e20cc7f2 +SHA1 (patch-ae) = 8556ab8a0f3d2dab1f83a8aa7dcc6b5e6728f2a2 +SHA1 (patch-af) = 47ee1f744dc629d9160cbce239d1ec80a970d9be |
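Review bot: In the second hunk (@@ -6,4 +6,5 @@) the checksum for patch-ae is replaced and a new patch-af entry is added, but the commit message describes a single fix and does not say which of the two files carries it or why patch-ae changed. Suggest naming the patch file that holds the error-message fix in the log and stating what was revised in patch-ae, so that someone reading distinfo alone can map each checksum change to a source change. The SHA1 and Size lines for libpng-1.2.5.tar.bz2 are unchanged, which is consistent with a patch-only fix accompanied by the PKGREVISION bump mentioned in the message.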