[sylpheed:34115] Re: Sylpheed 3.0.3 released (security release)

Hiroyuki Yamamoto hiro-y at kcn.ne.jp
Thu Jul 1 10:55:19 JST 2010


On Wed, 30 Jun 2010 09:54:40 -0600
Gene Goldenfeld <genegold at fastmail.fm> wrote:

> What security holes does this patch with Win32 relative to 3.1 beta?

sylpheed-win32-imglibs-fix2.zip fixes the following libpng and libtiff
vulnerabilities. Only CVE-2010-2249 will affect Sylpheed, so the security
impact is actually not so high.

- buffer overflow in progressive PNG image processing (this will not
  affect Sylpheed) (CVE-2010-1205)
- memory leak bug when viewing PNG images (CVE-2010-2249)
- CVE-2009-2347 libtiff: integer overflows in various inter-color space
  conversion tools (the tools are not included in Sylpheed, so this
  does not affect Sylpheed)

-- 
Hiroyuki Yamamoto <hiro-y at kcn.ne.jp>

