CVE-2008-5907 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5907): The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
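The bug class named in the description above (a `'\0'` character constant implicitly converted to a null pointer), as an added illustration that is not libpng's code and not part of the original report. The function names, the 79-character limit and the pointer-array harness are assumptions made so that the flawed write lands in defined memory.

```c
#include <stdio.h>
#include <string.h>

#define MAX_KEY 79  /* assumed keyword limit for this demo */

/* Flawed form: 'out' is char **, so out[MAX_KEY] is a char * slot.
 * '\0' is an integer constant with value 0, i.e. a null pointer constant,
 * so this is valid C and stores a zero pointer instead of a terminator. */
static void truncate_flawed(char **out)
{
    if (strlen(*out) > MAX_KEY)
        out[MAX_KEY] = '\0';
}

/* Corrected form: dereference first, then index into the string. */
static void truncate_fixed(char **out)
{
    if (strlen(*out) > MAX_KEY)
        (*out)[MAX_KEY] = '\0';
}

/* Harness: slots[] gives the flawed write a legal place to land.
 * Returns a bitmask: bit 0 = string truncated, bit 1 = pointer slot zeroed. */
static int run_case(void (*fn)(char **))
{
    static char buf[128];
    static char canary[] = "canary";
    char *slots[MAX_KEY + 1];
    int i;

    memset(buf, 'A', 100);          /* constructed 100-character keyword */
    buf[100] = '\0';
    for (i = 0; i <= MAX_KEY; i++)
        slots[i] = canary;
    slots[0] = buf;
    fn(slots);
    return (strlen(buf) == MAX_KEY ? 1 : 0) | (slots[MAX_KEY] == NULL ? 2 : 0);
}

int main(void)
{
    printf("flawed: %d\n", run_case(truncate_flawed));
    printf("fixed:  %d\n", run_case(truncate_fixed));
    return 0;
}
```

In real code the pointer passed in usually refers to a single `char *`, so the flawed store zeroes whatever happens to sit 79 pointer widths past it.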
base-system: can this go stable?
The summary is misleading as it includes version 1.2.34 which seems to be unaffected.
Thanks, fixed.
I've seen no regressions with 1.2.34 ... it's fine to stabilize
Arches, please test and mark stable: =media-libs/libpng-1.2.34 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Sparc stable (I've been using it with no problems for 3 or 4 weeks now).
ppc stable
Stable on alpha.
amd64/x86 stable
Stable for HPPA.
ppc64 done
ia64: *ping*
GLSA together with bug 244808.
ia64 stable
Red Hat is disputing this issue: http://thread.gmane.org/gmane.comp.security.oss.general/1375
GLSA 200903-28