Re: [Bug 216706] New: CVE-2006-5793 libpng, libpng10 DoS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> 
> The core maintainer of libpng did not respond for a month to another
> security related bug:
> 
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211705
> 
> According to the reporter it describes a bug that is now already nearly 5
> months known. Please do something now to fix this,
> 

I'm going to presume you're claiming that since Fedora Core doesn't have
the latest libpng, it's vulnerable to the issues fixed in the upstream
new version.

libpng in Fedora Core has all relevant security issues backported into it.
CVE-2006-5793 is not currently fixed, but I suspect we won't be fixing it
as it's simply a client crash and should not have been called a security
issue in the first place.  Even if we do consider it a security flaw, it
represents an extremely low severity flaw.

If you have concerns regarding a specific issue, feel free to bring that
up, but bug 211705 in no way represents a security flaw.

-- 
    JB

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux