[Bug 216706] New: CVE-2006-5793 libpng, libpng10 DoS

Josh Bressers bressers at redhat.com
Wed Nov 22 18:00:43 UTC 2006


> 
> The core maintainer of libpng did not respond for a month to another
> security related bug:
> 
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211705
> 
> According to the reporter it describes a bug that is now already nearly 5
> months known. Please do something now to fix this,
> 

I'm going to presume you're claiming that since Fedora Core doesn't have
the latest libpng, it's vulnerable to the issues fixed in the upstream
new version.

libpng in Fedora Core has all relevant security issues backported into it.
CVE-2006-5793 is not currently fixed, but I suspect we won't be fixing it
as it's simply a client crash and should not have been called a security
issue in the first place.  Even if we do consider it a security flaw, it
represents an extremely low severity flaw.

If you have concerns regarding a specific issue, feel free to bring that
up, but bug 211705 in no way represents a security flaw.

-- 
    JB

More information about the Fedora-security-list mailing list