libpng does not correctly handle unknown zero-length chunks, which could result in writing to attacker controlled addresses, depending on how the libpng api is used. Vapier, this issue is under embargo until 2008-04-12. Do not commit anything to CVS until this date. Please prepare an updated ebuild and attach it to this bug, we will do prestable testing here. Thanks.
Created attachment 149228 [details, diff] libpng-CVE-2007-6070.patch Upstream patch.
Created attachment 149262 [details] libpng-1.2.26-r1-CVE-2007-6070.tar.lzma pretty straightforward ...
Arch Security Liaisons, please test the attached ebuild and report it stable on this bug. Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86" CC'ing current Liaisons: alpha : ferdy amd64 : welp hppa : jer ppc : dertobi123 ppc64 : corsair release : pva sparc : fmccor x86 : opfer vapier, please note that CVE-2007-6070 has been dropped in favour of CVE-2008-1382 for this issue.
sparc looks good (patch installs, -r1 builds and passes its tests).
Works for HPPA.
Looks okay on alpha/ia64/x86
looks good on ppc64
looks good on ppc
Looks good on amd64/x86
vapier, can you please commit the ebuild to CVS with the keywords gathered in this bug. Please rename the patch to reflect that CVE-2008-1382 should be used for the issue.
added to the tree
vapier, could you set the keywords as approved by arch liaisons in here, so that the GLSA can go out as soon as it is approved up to now the following arches gave their "looks good": alpha amd64 hppa ia64 ppc ppc64 sparc x86 final target is: KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd" so cc'ing remaining arches as well as release since there was no comment from them yet
(In reply to comment #12) > vapier, could you set the keywords as approved by arch liaisons in here, so > that the GLSA can go out as soon as it is approved I marked stable for the keywords. base-system was not in CC on the bug anymore.
GLSA 200804-15
Fixed in release snapshot.