Summary: | media-libs/libpng : Denial of Service vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Olivier Castan <castan.o> |
Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Flags: | koon: Assigned_To? (koon) |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:040 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | files/libpng-1.2.5-gentoo.diff, files/libpng-1.0.15-gentoo.diff | ||
Description
Olivier Castan
2004-05-03 12:53:47 UTC
Confirmed -- denial of service attack is probably the highest risk here. no metadata.xml or recent maintainer : we need someone to apply the Mandrake patch to libpng-1.2.5-r4 (slot 1.2) and libpng-1.0.15-r1 (slot 1.0) and rev-bump the ebuilds.
-K
Created attachment 30917
files/libpng-1.2.5-gentoo.diff
New diff file for 1.2.5 including the patch
Tested : applies OK, compiles OK, works OK
Created attachment 30918
files/libpng-1.0.15-gentoo.diff
New diff file for libpng-1.0.15
Tested : Applies OK, Compiles OK, Works ? (I have no application using libpng1)
ebuilds libpng-1.2.5 and libpng-1.0.15 should be rev-bumped so that the
security fix appears in normal upgrade process
Koon, Updated in portage. All arches have libpng-1.2.5-r4.ebuild marked stable already. KEYWORDS="x86 ppc sparc mips alpha arm hppa amd64 ia64 ppc64 s390" Added both patches however. It's up to you if you want to call for arch testing or not. I don't think you/we need to in this case.
Can someone rev-bump to 1.2.5-r5 and 1.0.15-r2 so that the new diff file gets taken into account in the normal upgrade process?
Ready for a GLSA
GLSA 200405-06