Opened 6 years ago

Closed 6 years ago

#8715 closed enhancement (fixed)


Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 8.0
Component: BOOK Version: SVN
Severity: normal Keywords:


Spotted in an lwn report of security fixes by Slackware: libpng-1.6.27. Not showing in the normal link to sourceforge, but the external home page points to [] which worked for me (whether it works when editing the book is, of course, a different matter).

From the external home page:

Vulnerability Warning

Virtually all libpng versions through 1.6.26, 1.5.27, 1.4.19, 1.2.56, and 1.0.66, respectively, have a null-pointer-dereference bug in png_set_text_2() when an image-editing application adds, removes, and re-adds text chunks to a PNG image. (This bug does not affect pure viewers, nor are there any known editors that could trigger it without interactive user input. It has been assigned ID CVE-2016-10087.) The vulnerability is fixed in versions 1.6.27, 1.5.28, 1.4.20, 1.2.57, and 1.0.67, released on 29 December 2016.

Change History (4)

comment:1 by ken@…, 6 years ago

Owner: changed from blfs-book@… to ken@…
Priority: normalhigh
Status: newassigned

comment:2 by ken@…, 6 years ago

hmm, it is showing at and it is indeed at but it looks like the details of what is the latest version didn't get updated. I'll subscribe to their list.

comment:3 by ken@…, 6 years ago

Fixed in r18128.

comment:4 by ken@…, 6 years ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.