Summary: | media-libs/libpng <1.2.33 "png_handle_tEXt()" Memory Leak Vulnerability (CVE-2008-6218) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Matti Bickel (RETIRED) <mabi> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | minor | CC: | base-system | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://secunia.com/advisories/32418/ | ||||||
Whiteboard: | B3 [glsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Bug Depends on: | |||||||
Bug Blocks: | 249026 | ||||||
Attachments: |
|
Description
Matti Bickel (RETIRED)
2008-10-28 18:49:42 UTC
base-system, can we have a unaffected version (libpng-1.2.33rc02 is what secunia says), please? Created attachment 170150 [details, diff]
libpng-1.2.33rc02-1.2.33rc01.patch
changes from rc01 to rc02
The patch applies to 1.2.26 as well (with some fuzz), but png_struct was changed since then, so it does not work. FYI libpng-1.2.33 is in the tree and has been for a while ... Arches, please test and mark stable: =media-libs/libpng-1.2.33 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" amd64/x86 stable ppc stable Stable for HPPA. alpha/arm/ia64/sparc stable ppc64 done Ready for vote, I vote YES. Yes, too. Request filed. GLSA 200903-28 |