This is an old revision of the document!
Slackware-13.0 ChangeLog (2016-12-30)
Fri Dec 30 19:29:13 UTC 2016
Packages
Upgraded
- patches/packages/libpng-1.2.57-i486-1_slack13.0.txz
This release fixes an old NULL pointer dereference bug in png_set_text_2()
discovered and patched by Patrick Keshishian. The potential “NULL
dereference” bug has existed in libpng since version 0.71 of June 26, 1995.
To be vulnerable, an application has to load a text chunk into the png
structure, then delete all text, then add another text chunk to the same
png structure, which seems to be an unlikely sequence, but it has happened.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
(* Security fix *)