Summary: | media-libs/libpng: buffer overflow due to loop offset values
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Thierry Carrez (RETIRED) <koon>
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | major
Priority: | High
CC: | vapier
Version: | unspecified
Hardware: | All
OS: | All
URL: | http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
Whiteboard: | A2 [glsa]
Package list: |
Runtime testing required: | ---

Description
Thierry Carrez (RETIRED)
2004-07-07 01:57:00 UTC
Created attachment 34898
Mandrake patch for CAN-2002-1363

Mandrake and OpenPKG talk about "2 additional places" where a fix is required to solve CAN-2002-1363. Here is the Mandrake patch (OpenPKG uses the same).

Note that the PNG team did not issue a corrected patch; the one at http://www.libpng.org/pub/png/src/libpng-1.2.5-patch2-pngrtran.CAN-2002-1363.diff is still incomplete.

We should merge this patch to the Gentoo patch.

Mike: you did the last cleanups on this, could you apply patch and bump?

version bumped to 1.2.5-r7 and made stable for all arches since -r6 was stable and the patch changes very little

We probably don't have any other vulnerable package (since we link dynamically to libpng) so this is ready for a GLSA.

GLSA drafted: security please review

GLSA 200407-06