| Summary: | media-libs/libextractor integer overflow | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Glenn L. McGrath <bug1> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | net-p2p |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2? [noglsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |

Description
Glenn L. McGrath
2005-10-18 17:22:26 UTC
This release fixes integer overflow. I don't know if it sourious bug, but ChangeLog mentions:

Thu Sep 15 00:56:51 PDT 2005
Fixed incorrectly handled integer overflow in png extractor.

Adding security to CC

net-p2p please bump.

(In reply to comment #2)
> net-p2p please bump.

This is already bumped. I suppose sekretarz just wanted to let you know about this overflow.

x86 sparc: please test and mark 0.5.6a stable

Can't get marked stable until those dependencies are resolved.

DEPEND.bad 1
media-libs/libextractor/libextractor-0.5.6a.ebuild: x86(default-linux/x86/2005.0) ['>=x11-libs/gtk+-2.6.10']
RDEPEND.bad 1
media-libs/libextractor/libextractor-0.5.6a.ebuild: x86(default-linux/x86/2005.0) ['>=x11-libs/gtk+-2.6.10']

This is a problem for both sparc and x86.

sparc stable.

x86 stable

Ready for GLSA vote.

I would vote yes right away if I was sure there was an exploitable vulnerability fixed in this release. "Fixed incorrectly handled integer overflow in png extractor" doesn't mean there was something exploitable here. I wonder if that doesn't mean that the old fix was just a little dirty... Someone will have to look deeper.

Also waiting for further information before I can vote YES.

Hm. Really not sure about this one. I agree that pngextractor needed some fixorz, but not sure they patch something exploitable. Apparently Debian agrees with me since they pushed 0.5.6a without the security tag. To make your own mind, I'll attach the 0.5.6a file and the 0.5.5 -> 0.5.6a patchfile for pngextractor.c...

Created attachment 72019
pngextractor_0.5.5-0.5.6a.diff
The fix in question (diff between the 0.5.5 and the 0.5.6a version of pngextractor.c)

Created attachment 72020
pngextractor.c
pngextractor.c from 0.5.6a

Created attachment 72023
pngextractor_0.5.5-0.5.6a.patch
The unified one, so that taviso can read it :P

There does not appear to be any security impact here, marking CLOSED.