340261 – GLSA 201010-01 references non-vulnerable versions of libpng

Bug 340261 - GLSA 201010-01 references non-vulnerable versions of libpng

Summary: GLSA 201010-01 references non-vulnerable versions of libpng

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:	PATCH

Depends on:
Blocks:

Reported:	2010-10-09 12:42 UTC by Richard Freeman
Modified:	2014-06-02 14:08 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Suggested fix to glsa (glsa-201010-01.xml.patch,429 bytes, patch) 2014-06-02 12:42 UTC, David Flogeras	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Richard Freeman gentoo-dev

2010-10-09 12:42:53 UTC

GLSA 201010-01 contains:
      <vulnerable range="lt">1.4.3</vulnerable>

Bug 335887 suggests that libpng 1.2.44 is not vulnerable.

Either the GLSA should be fixed, or 1.2.44 should be masked.

Reproducible: Always

Comment 1 Murph 2014-03-05 15:59:07 UTC

This seems to have been fixed for some versions, but now the latest 1.2 version (1.2.51) is not listed.

Maybe there should be better support for ranges?

Comment 2 David Flogeras 2014-06-02 12:42:03 UTC

Created attachment 378062 [details, diff]
Suggested fix to glsa

This got rid of the (false) glsa warning on my setup

Comment 3 Sergey Popov gentoo-dev

2014-06-02 14:08:27 UTC

Thanks guys, fixes commited