oss-sec mailing list archives
Re: CVE Request (netpbm)
From: Josh Bressers <bressers () redhat com>
Date: Thu, 23 Oct 2008 14:01:45 -0400 (EDT)
----- "Josh Bressers" <bressers () redhat com> wrote:
I've not seen this assigned yet, it is a bit old, sorry for the delay. We noticed this via a Fedora update: https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6999 update to 10.35.48, fixes buffer overrun in pamperspective and pngtopnm output format
OK, I spent some time trying to figure this one out, and mailed upstream about it. That message from Fedora is misleading and wrong. The commit in question fixes an OOB memory read, which we won't consider a security flaw. Sorry for sending this request before I'd done a proper investigation. -- JB
Current thread:
- CVE Request (netpbm) Josh Bressers (Oct 22)
- <Possible follow-ups>
- Re: CVE Request (netpbm) Josh Bressers (Oct 23)