Subject: CVS commit: pkgsrc/graphics/png
To: None <pkgsrc-changes@netbsd.org>
From: Frederick Bruckman <fredb@netbsd.org>
List: pkgsrc-changes
Date: 12/19/2002 23:25:11
Module Name:	pkgsrc
Committed By:	fredb
Date:		Thu Dec 19 21:25:10 UTC 2002

Modified Files:
	pkgsrc/graphics/png: Makefile distinfo
Added Files:
	pkgsrc/graphics/png/patches: patch-ac

Log Message:
Fix a buffer overrun in png_do_read_filler() with 16-bit samples, as
reported to the png-implement mailing list by Glenn Randers-Pehrson:

ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-implement.200212

[Glenn Randers-Pehrson is the original author and chief maintainer of
libpng.]

From the discussion in the archive, it appears to be unlikely that the
bug could be exploited by a malicious web server, chiefly because the
operation that triggers it is more likely to be carried out by an image
manipulation program (i.e. pngcrush) than by a web browser.


To generate a diff of this commit:
cvs rdiff -r1.44 -r1.45 pkgsrc/graphics/png/Makefile
cvs rdiff -r1.11 -r1.12 pkgsrc/graphics/png/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/graphics/png/patches/patch-ac

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.