Slackware-13.37 ChangeLog (2016-12-30)

Fri Dec 30 19:29:13 UTC 2016

  • patches/packages/libpng-1.4.20-i486-1_slack13.37.txz
    This release fixes an old NULL pointer dereference bug in png_set_text_2()
    discovered and patched by Patrick Keshishian. The potential “NULL
    dereference” bug has existed in libpng since version 0.71 of June 26, 1995.
    To be vulnerable, an application has to load a text chunk into the png
    structure, then delete all text, then add another text chunk to the same
    png structure, which seems to be an unlikely sequence, but it has happened.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
    (* Security fix *)
  • news/2016/12/30/slackware-13.37-changelog.txt
  • Last modified: 11 months ago
  • by Giuseppe Di Terlizzi