libpng upstream version 1.2.32beta01 fixes an insufficient memory allocation flaw in the "png_push_read_zTXt()" function in pngpread.c, that results in a write of once null byte past the end of allocated buffer. References: http://sourceforge.net/project/shownotes.php?release_id=624518 http://www.openwall.com/lists/oss-security/2008/09/09/3 Upstream bug report: http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624 As noted in the upstream bug report, this issue was introduced upstream in libpng-1.2.30beta04 and currently only affect 1.2.31 as available in Fedora Rawhide. Versions of libpng as shipped in Red Hat Enterprise Linux 2.1, 3, 4 and 5 are not affected by this flaw.
Fixed now in Fedora Rawhide, no other affected product -> closing.