Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 195147
Alias:
Product:
Component:
Status: RESOLVED
Resolution: DUPLICATE of bug 194864
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Tobias Heinlein <keytoaster@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 195147 depends on: Show dependency tree
Bug 195147 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-10-08 20:47 0000 
A vulnerability has been reported in libpng, which potentially can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an off-by-one error within the ICC profile
chunk handling, which potentially can be exploited to crash an application
using the library.

Note: Other chunk handling routines may be affected, too.

The vulnerability is reported in version 1.2.21. Other versions may also be
affected.

Solution:
Fixed in 1.2.22 beta 2 or later.

------- Comment #1 From Tobias Heinlein 2007-10-08 20:52:49 0000 ------- 
Base-system, please advise.

------- Comment #2 From Christian Faulhammer 2007-10-08 21:30:16 0000 ------- 
(In reply to comment #1)
> Base-system, please advise.

 Maybe this is already fixed with 1.2.21-r2, see bug 194864

------- Comment #3 From SpanKY 2007-10-08 22:13:55 0000 ------- 
yes, already been fixed and the version in question was never in stable, so
nothing to be done for security

*** This bug has been marked as a duplicate of bug 194864 ***
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug