Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 246522 - media-gfx/optipng < 0.6.2 bmp buffer overflow (CVE-2008-5101)
Summary: media-gfx/optipng < 0.6.2 bmp buffer overflow (CVE-2008-5101)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://secunia.com/Advisories/32651/
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-11-12 18:26 UTC by Hanno Böck
Modified: 2008-12-02 17:26 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2008-11-12 18:26:32 UTC
See secunia advisory:
http://secunia.com/Advisories/32651/

We already have 0.6.2 in the tree, so we only need to stabilize it, arch's cc'ed.
Comment 1 Christian Hoffmann (RETIRED) gentoo-dev 2008-11-12 22:03:38 UTC
Arches, please test and stabilize:
  =media-gfx/optipng-0.6.2

Target keywords: alpha amd64 ppc x86
Comment 2 Markus Meier gentoo-dev 2008-11-15 10:30:17 UTC
amd64/x86 stable
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2008-11-15 11:47:33 UTC
alpha stable
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2008-11-15 18:16:31 UTC
ppc stable
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-18 15:09:35 UTC
CVE-2008-5101 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5101):
  Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows
  user-assisted attackers to execute arbitrary code via a crafted BMP
  image, related to an "array overflow."

Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2008-11-22 17:38:19 UTC
GLSA request filed.
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2008-12-02 17:26:17 UTC
GLSA 200812-01