Package app-emulation/emul-linux-x86-baselibs-20100611 contains: /usr/lib32/libpng14.so.14.2.0 /usr/lib32/libpng12.so.0 The libpng package has a potential vulnerability against these versions: libpng 1.4.2 -> CVE-2010-1205 libpng 1.2.43 -> CVE-2010-1205 See also bug #324153 Reproducible: Always
@security: This bug is fixed in current stable emul-linux-x86-baselibs-20100915-r1. There's nothing left to do here, except glsa vote(?) ref: $ strings /usr/lib32/libpng12.so.0 |grep "libpng version" | head -n 1 libpng version 1.2.44 - June 26, 2010 $ qfile -v libpng12.so.0 app-emulation/emul-linux-x86-baselibs-20100915-r1 (/usr/lib32/libpng12.so.0)
(In reply to comment #1) > @security: > > This bug is fixed in current stable emul-linux-x86-baselibs-20100915-r1. > There's nothing left to do here, except glsa vote(?) > Thank you. I'd rate this as A2, which does not require a vote. GLSA request filed.
This issue was resolved and addressed in GLSA 201412-11 at http://security.gentoo.org/glsa/glsa-201412-11.xml by GLSA coordinator Sean Amoss (ackle).
