Summary: | <media-libs/libpng-1.6.37: use-after-free vulnerability in png_image_free (CVE-2019-7317) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
media-libs/libpng-1.6.37
|
Runtime testing required: | --- |
Description
Lars Wendler (Polynomial-C) (RETIRED)
2019-04-15 07:51:30 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=426f4ca3682918ea499ab99b48f9106f71164f1f commit 426f4ca3682918ea499ab99b48f9106f71164f1f Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2019-04-15 11:45:05 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2019-04-15 11:45:54 +0000 media-libs/libpng: Security bump to version 1.6.37 Bug: https://bugs.gentoo.org/683366 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> media-libs/libpng/Manifest | 2 ++ media-libs/libpng/libpng-1.6.37.ebuild | 45 ++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) amd64 stable arm64 stable arm stable hppa/sparc stable x86 stable alpha stable s390 stable New GLSA Request filed. Please continue with the stabilization ia64 stable ppc stable ppc64 stable @base-system, please drop vulnerable. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b31a7ecfeac4e19df2d77cd1b469c1b6bc77938 commit 5b31a7ecfeac4e19df2d77cd1b469c1b6bc77938 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2019-04-30 07:44:06 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2019-04-30 07:44:06 +0000 media-libs/libpng: Security cleanup. Bug: https://bugs.gentoo.org/683366 Package-Manager: Portage-2.3.66, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> media-libs/libpng/Manifest | 4 --- media-libs/libpng/libpng-1.6.35-r1.ebuild | 45 ------------------------------- media-libs/libpng/libpng-1.6.36.ebuild | 45 ------------------------------- 3 files changed, 94 deletions(-) This issue was resolved and addressed in GLSA 201908-02 at https://security.gentoo.org/glsa/201908-02 by GLSA coordinator Aaron Bauman (b-man). |