Summary: | media-gfx/megapov affected by bundled libpng-1.2.8 (CVE-2008-5907, ...) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | binki, esigra, graphics+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~2 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 251464 | ||
Description
Diego Elio Pettenò (RETIRED)
2009-06-07 20:25:43 UTC
megapov is at least affected by CVE-2008-5709 (c.f. bug 255231). For susceptibility to CVE-2008-5907, only 2 out of 3 needed requirements are met. I didn't check for other issues, but the one hit is enough for me to take action:

Graphics, can you rip out libpng? If not, as upstream development seems to have stopped and no package RDEPENDS on it, we'd have to consider megapov as a candidate for removal.

No response from maintainers. Treecleaners, please proceed to last rites.

    # Jeremy Olexa <darkside@gentoo.org> (3 Jul 2009)
    # Security issue, dead upstream. Removal in 60 days, bug 273105
    media-gfx/megapov

removed from tree, security team: all yours.

libpng was rated B2 in bug #255231

megapov was never stable from what I see. → noglsa