
Bug 335508

Summary: <app-emulation/emul-linux-x86-baselibs-20100915-r1: contains potential vulnerable libpng library
Product: Gentoo Security
Reporter: Sven Vermeulen <sven.vermeulen>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
URL: http://www.cvedetails.com/cve-details.php?cve_id=CVE-2010-1205
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Sven Vermeulen 2010-09-01 13:29:40 UTC
Package app-emulation/emul-linux-x86-baselibs-20100611 contains:
/usr/lib32/libpng14.so.14.2.0
/usr/lib32/libpng12.so.0

The libpng package has a potential vulnerability against these versions:
  libpng 1.4.2 -> CVE-2010-1205
  libpng 1.2.43 -> CVE-2010-1205

See also bug #324153

Reproducible: Always
Comment 1 Samuli Suominen (RETIRED) gentoo-dev 2010-10-05 17:32:08 UTC
@security: 

This bug is fixed in current stable emul-linux-x86-baselibs-20100915-r1. There's nothing left to do here, except glsa vote(?)

ref:

$ strings /usr/lib32/libpng12.so.0  |grep "libpng version" | head -n 1
libpng version 1.2.44 - June 26, 2010
$ qfile -v libpng12.so.0
app-emulation/emul-linux-x86-baselibs-20100915-r1 (/usr/lib32/libpng12.so.0)
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-01-01 23:20:14 UTC
(In reply to comment #1)
> @security: 
> 
> This bug is fixed in current stable emul-linux-x86-baselibs-20100915-r1.
> There's nothing left to do here, except glsa vote(?)
> 

Thank you. I'd rate this as A2, which does not require a vote. GLSA request filed.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-12-12 01:09:02 UTC
This issue was resolved and addressed in
 GLSA 201412-11 at http://security.gentoo.org/glsa/glsa-201412-11.xml
by GLSA coordinator Sean Amoss (ackle).
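
Added example (not part of the bug thread and not Gentoo tooling): the banner check from comment 1, extended to both bundled library branches named in the description. The 1.2.44 threshold is the version comment 1 reports as fixed; the 1.4.3 threshold comes from the CVE-2010-1205 advisory, not from this page. The function names and the --scan flag are this example's own.

```shell
#!/bin/sh
# Added example: classify bundled libpng copies by their embedded version
# banner, since the package manager only sees the emul package version.

# Print the first "libpng version X.Y.Z" found on stdin (e.g. strings(1) output).
banner_version() {
    sed -n 's/.*libpng version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Classify a version string against CVE-2010-1205.
#   1.2 branch: fixed in 1.2.44 (version shown in comment 1)
#   1.4 branch: fixed in 1.4.3  (assumption taken from the CVE advisory)
# Any other branch, or an unparsable string, is reported as "unknown".
cve_2010_1205_status() {
    case "$1" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split X.Y.Z into $1 $2 $3
    IFS=$old_ifs
    [ "$#" -eq 3 ] || { echo unknown; return 0; }
    case "$1.$2" in
        1.2) fixed=44 ;;
        1.4) fixed=3 ;;
        *)   echo unknown; return 0 ;;
    esac
    if [ "$3" -lt "$fixed" ]; then echo vulnerable; else echo fixed; fi
}

# Report every libpng shared object in a directory (default /usr/lib32,
# the path from the bug description). Requires strings(1) from binutils.
scan_dir() {
    for lib in "${1:-/usr/lib32}"/libpng*.so*; do
        [ -f "$lib" ] || continue  # unmatched glob or dangling symlink
        ver=$(strings "$lib" | banner_version)
        echo "$lib ${ver:-no-banner} $(cve_2010_1205_status "$ver")"
    done
}

# Usage: sh check-libpng.sh --scan [DIR]; without --scan only the
# functions are defined, so the file can also be sourced.
case "${1:-}" in
    --scan) scan_dir "${2:-}" ;;
esac
```

A "fixed" result only means the banner is at or above the threshold; a distribution that backports the patch without bumping the version would still be reported as vulnerable.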