---------- Forwarded message ----------
From: Glenn Randers-Pehrson
Date: 15.05.2007 23:05
Subject: [png-mng-implement] Libpng-1.0.25 and libpng-1.2.17
To: png-mng-implement@lists.sf.net
Cc: png-mng-announce@lists.sf.net
libpng-1.0.25 and libpng-1.2.17 are available at
ftp://ftp.simplesystems.org/pub/png/src
and at
libpng.sf.net
These releases fix a vulnerability in png_handle_tRNS() by which
a malformed PNG file can crash a libpng application. The bug has
existed since libpng-0.90. The vulnerability is identified as
CVE-2007-2445 and CERT VU#684664.
Glenn
-------------------------------------------------------------------------
Merging the changes was easy; it will be included in 1.40.4.
Best
Martin
