Fwd: [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)

Matthias B. msbREMOVE-THIS at winterdrache.de
Fri Aug 6 03:07:02 PDT 2004

On Thu, 5 Aug 2004 15:16:02 +0100 Ian Molton <spyro at f2s.com> wrote:

> On Wed, 4 Aug 2004 19:05:44 -0600
> Archaic <archaic at linuxfromscratch.org> wrote:
> > 
> > 
> > Looks like it's much more that png that we need to worry about.
> not me... the joys of dynamic linking - not one of my programs contains
> a static libpng (I just checked).

And even if you had lots of statically linked programs you would not
really be in trouble. Browser and mail client are usually the only apps
that get to see PNG images from untrusted sources.


2+2=5, for moderately large values of two.

More information about the lfs-security mailing list