This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Security advisory (UPLOAD): libungif
- From: "Yaakov S (Cygwin Ports)" <yselkowitz at users dot sourceforge dot net>
- To: cygwin-apps at cygwin dot com
- Date: Fri, 04 Nov 2005 09:32:40 -0600
- Subject: Security advisory (UPLOAD): libungif
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
libungif (< 4.1.4) may dereference NULL or write out of bounds when
processing malformed images, potentially resulting in Denial of Service
or arbitrary code execution.
Please upload, and remove all previous versions:
ftp://sunsite.dk/projects/cygwinports/release/libungif/libungif-4.1.4-1-src.tar.bz2
ftp://sunsite.dk/projects/cygwinports/release/libungif/libungif-4.1.4-1.tar.bz2
ftp://sunsite.dk/projects/cygwinports/release/libungif/libungif4/libungif4-4.1.4-1.tar.bz2
ftp://sunsite.dk/projects/cygwinports/release/libungif/libungif4/setup.hint
ftp://sunsite.dk/projects/cygwinports/release/libungif/setup.hint
I broke out the dll in this release, so the setup.hint's need to be
uploaded too.
Yaakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDa38XpiWmPGlmQSMRAqlkAKDtit8a+0tsyYWzzXUZ3z6uxZ56uACg+7EO
w5UQtVIVjOGEezjfPKblG8Q=
=nVrX
-----END PGP SIGNATURE-----