A typo in png_set_sPLT() may cause an application using libpng to read out of bounds, resulting in a crash.
This was discovered by Tavis Ormandy, Gentoo Linux Security Auditing Team.
Created attachment 101400
sPLT chunk handling fix
vapier, could you attach an updated ebuild
as usual, pls don't commit anything yet
tavis, is there a disclosure date or anything?
Created attachment 101579
arch security liaisons, pls test the attached ebuild and give your ok on this bug; do not commit anything yet
sparc looks fine.
ppc looks good
x86 looks good
looks good on hppa
looks good on amd64.
vapier, pls commit the ebuild
alpha/ppc64 test and mark stable pls, we really want this to go out soon
calling the remaining arches when the ebuild has been committed
looks good on ppc64. please commit with stable ppc64 keyword, too. sorry for being late (that 'having no internet connection thing')
1.2.13 now in portage
Arch keywording needed. Target keywords are:
alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd
someone please mark this stable on sparc/ppc64/hppa (see comment #5, comment #8, comment #11) so that we can send the GLSA
Stable for HPPA.