415985 – <net-im/skype-2.2.0.35-r99[qt-static]: Upstream 2.2.0.99: "Updated libpng to avoid potential security issue"

Bug 415985 - <net-im/skype-2.2.0.35-r99[qt-static]: Upstream 2.2.0.99: "Updated libpng to avoid potential security issue"

Summary: <net-im/skype-2.2.0.35-r99[qt-static]: Upstream 2.2.0.99: "Updated libpng to ...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	http://blogs.skype.com/garage/2012/05...
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:	415997
Blocks:
	Show dependency tree

Reported:	2012-05-14 19:31 UTC by Markos Chandras (RETIRED)
Modified:	2012-05-21 12:40 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
skype-2.2.0.35-r2.diff (skype-2.2.0.35-r2.diff,893 bytes, patch) 2012-05-14 21:03 UTC, Julian Ospald	no flags	Details \| Diff
skype-2.2.0.35-r2.diff (skype-2.2.0.35-r2.diff,1.15 KB, patch) 2012-05-14 21:11 UTC, Julian Ospald	no flags	Details \| Diff
skype-2.2.0.35-r2.diff (skype-2.2.0.35-r2.diff,1.09 KB, patch) 2012-05-14 21:13 UTC, Julian Ospald	no flags	Details \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Markos Chandras (RETIRED) gentoo-dev

2012-05-14 19:31:41 UTC

dynamic package is still in 2.2.0.35

However, 2.2.0.99 (static) fixes a security bug for libpng

Please bump

http://blogs.skype.com/garage/2012/05/skype_22_for_linux_hotfix.html

Comment 1 Julian Ospald 2012-05-14 19:55:39 UTC

this seems to need libtiff.so.4

./skype: error while loading shared libraries: libtiff.so.4: cannot open shared object file: No such file or directory

Comment 2 Samuli Suominen (RETIRED) gentoo-dev

2012-05-14 20:26:02 UTC

(In reply to comment #1)
> this seems to need libtiff.so.4
> 
> ./skype: error while loading shared libraries: libtiff.so.4: cannot open
> shared object file: No such file or directory

Debian patched SONAME from .so.3 to .so.4 which got used by Skype. 
Very, very ugly, but fixed by symlinks in >=media-libs/tiff-3.9.5-r3:3.

Comment 3 Julian Ospald 2012-05-14 21:03:42 UTC

Created attachment 311787 [details, diff]
skype-2.2.0.35-r2.diff

deps changed:
>=app-emulation/emul-linux-x86-baselibs-20120127-r1

deps added:
>=media-libs/tiff-3.9.5-r3:3

Comment 4 Julian Ospald 2012-05-14 21:11:44 UTC

Created attachment 311789 [details, diff]
skype-2.2.0.35-r2.diff

this is probably more elegant, so we don't force
>=app-emulation/emul-linux-x86-baselibs-20120127-r1
for non-qt-static users

Comment 5 Julian Ospald 2012-05-14 21:13:19 UTC

Created attachment 311793 [details, diff]
skype-2.2.0.35-r2.diff

sry, I'm a bit fuzzy today

Comment 6 Samuli Suominen (RETIRED) gentoo-dev

2012-05-21 12:08:10 UTC

In portage as 2.2.0.35-r99.

Comment 7 Samuli Suominen (RETIRED) gentoo-dev

2012-05-21 12:33:02 UTC

@security: This was never stable so I've closed as RESOLVED, FIXED and removed the vulnerable copies from tree.