Bug 246522

Summary: media-gfx/optipng < 0.6.2 bmp buffer overflow (CVE-2008-5101)
Product: Gentoo Security
Reporter: Hanno Böck <hanno>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: tristan
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/Advisories/32651/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2008-11-12 18:26:32 UTC
See secunia advisory:
http://secunia.com/Advisories/32651/

We already have 0.6.2 in the tree, so we only need to stabilize it; arches CC'ed.
Comment 1 Christian Hoffmann (RETIRED) gentoo-dev 2008-11-12 22:03:38 UTC
Arches, please test and stabilize:
  =media-gfx/optipng-0.6.2

Target keywords: alpha amd64 ppc x86
Comment 2 Markus Meier gentoo-dev 2008-11-15 10:30:17 UTC
amd64/x86 stable
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2008-11-15 11:47:33 UTC
alpha stable
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2008-11-15 18:16:31 UTC
ppc stable
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-18 15:09:35 UTC
CVE-2008-5101 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5101):
  Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows
  user-assisted attackers to execute arbitrary code via a crafted BMP
  image, related to an "array overflow."

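The practical check that follows from this bug is whether an installed optipng still falls in the affected range (the bug summary names everything below 0.6.2; the NVD text names 0.6 and 0.6.1, with 0.6.2 carrying the fix). The script below is an added example, not code from the Gentoo bug, the GLSA or the OptiPNG project. It assumes `optipng -v` prints its version as the first dotted number on the first output line; the sample banner string is constructed for the example.

```sh
#!/bin/sh
# Added example: flag an optipng version affected by CVE-2008-5101.
# Affected range taken from this bug's summary: media-gfx/optipng < 0.6.2.

# vercmp A B: compare dotted version strings field by field, numerically.
# Missing fields count as 0 (so 0.6 == 0.6.0). Prints -1, 0 or 1.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print -1; exit }
            if (xi > yi) { print 1; exit }
        }
        print 0
    }'
}

# optipng_affected VERSION: succeeds (exit 0) when VERSION < 0.6.2.
optipng_affected() {
    [ "$(vercmp "$1" 0.6.2)" -lt 0 ]
}

# parse_optipng_version BANNER: pull the first dotted number from the
# first line of the banner text. Assumption for this example: the
# banner looks like "OptiPNG 0.6.2: Advanced PNG optimizer."
parse_optipng_version() {
    printf '%s\n' "$1" | head -n 1 \
        | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p'
}

# Constructed sample banner, used so the script runs without optipng.
SAMPLE_BANNER="OptiPNG 0.6.1: Advanced PNG optimizer."

# report_version VERSION: print a one-line verdict and return the
# affected status (0 = affected, 1 = fixed) for use in scripts.
report_version() {
    if optipng_affected "$1"; then
        echo "optipng $1: affected by CVE-2008-5101, upgrade to >=0.6.2"
        return 0
    fi
    echo "optipng $1: not in the affected range"
    return 1
}

# Run against the real binary when present, otherwise the sample banner.
if command -v optipng >/dev/null 2>&1; then
    report_version "$(parse_optipng_version "$(optipng -v 2>&1)")" || true
else
    report_version "$(parse_optipng_version "$SAMPLE_BANNER")" || true
fi
```

On a Gentoo host the same decision is what the GLSA encodes: anything the package manager reports below media-gfx/optipng-0.6.2 needs the stabilized ebuild from this bug.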
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2008-11-22 17:38:19 UTC
GLSA request filed.
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2008-12-02 17:26:17 UTC
GLSA 200812-01