[sylpheed:34115] Re: Sylpheed 3.0.3 released (security release)
Hiroyuki Yamamoto
hiro-y at kcn.ne.jp
Thu Jul 1 10:55:19 JST 2010
On Wed, 30 Jun 2010 09:54:40 -0600
Gene Goldenfeld <genegold at fastmail.fm> wrote:
> What security holes does this patch with Win32 relative to 3.1 beta?
sylpheed-win32-imglibs-fix2.zip fixes the following libpng and libtiff
vulnerability. Only CVE-2010-2249 will affect Sylpheed, so the security
impact is actually not so high.
- buffer overflow in progressive PNG image processing (this will not
affect Sylpheed) (CVE-2010-1205)
- memory leak bug when viewing PNG images (CVE-2010-2249)
- CVE-2009-2347 libtiff: integer overflows in various inter-color space
conversion tools (the tools are not included in Sylpheed, so this
does not affect Sylpheed)
--
Hiroyuki Yamamoto <hiro-y at kcn.ne.jp>
More information about the Sylpheed
mailing list