[Qt-interest] PNG/Tiff vulnerability fixes - anyone tracking these?

Oliver.Knoll at comit.ch
Mon Jun 28 16:11:27 CEST 2010


Hi,

I just read an article: libPNG has a security fix: http://www.libpng.org/pub/png/libpng.html: "Both bugs are fixed in versions 1.4.3 and 1.2.44, released 25 June 2010." 

Apparently libTIFF also has some security fixes: apparently 3.9.4 solves some buffer overflows: http://www.remotesensing.org/libtiff/

Article (German) which summarises and links to these issues: http://www.heise.de/newsticker/meldung/Kritische-Luecke-in-PNG-Referenz-Bibliothek-geschlossen-1029939.html

Qt applications which read these formats from unknown sources are probably affected, too.

Anyone at Nokia tracking the 3rd party library security issues anyway, or should I create a Qt bug entry for that? :) Would be nice if these changes would still make it into the upcoming Qt 4.7...

Cheers, Oliver
-- 
Oliver Knoll
Dipl. Informatik-Ing. ETH
COMIT AG - ++41 79 520 95 22


