| Summary: | <media-libs/libpng{1.2.54,1.5.24,1.6.19}: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (CVE-2015-8126) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | base-system, flow |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://sourceforge.net/p/png-mng/mailman/message/34615043/ | | |
| See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1281756 | | |
| Whiteboard: | A2 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 564244 | | |

Description
Agostino Sarubbo

Arches please test and mark stable the following versions:

=media-libs/libpng-1.2.54:
~alpha amd64 ~arm arm64 ~hppa ~ia64 m68k ~mips ~ppc64 s390 sh ~sparc x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux

=media-libs/libpng-1.5.24:
~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt

=media-libs/libpng-1.6.19:
alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt

amd64 stable

x86 stable

(In reply to Lars Wendler (Polynomial-C) from comment #1)
> Arches please test and mark stable the following versions:
>
> =media-libs/libpng-1.2.54:
> ~alpha amd64 ~arm arm64 ~hppa ~ia64 m68k ~mips ~ppc64 s390 sh ~sparc x86
> ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux

Most of these have no stable keywords on this SLOT.

> =media-libs/libpng-1.5.24:
> ~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh
> ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd
> ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos
> ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris
> ~x86-solaris ~x86-winnt

Most of these have no stable keywords on this SLOT.

> =media-libs/libpng-1.6.19:
> alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86
> ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd
> ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos
> ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris
> ~x86-solaris ~x86-winnt

This is probably the SLOT you want those stable keywords on.

Stable for PPC64.

Stable for HPPA.

alpha stable

ia64 stable

ppc stable

arm stable

Ping on sparc stabilization, only one holding this down. At the same time filing for glsa so can write it up.

sparc stable

Arches, Thank you for your work.
Maintainer(s), please drop the vulnerable version(s).

It has been 30 days since last request.
Maintainer(s), please drop the vulnerable version(s).

Please cleanup version: 1.6.18

Thanks for the report. re: http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d936b8ae0be80754a7474c38768356b2850079e9

This issue was resolved and addressed in GLSA 201611-08 at https://security.gentoo.org/glsa/201611-08 by GLSA coordinator Aaron Bauman (b-man).