Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 335508 - <app-emulation/emul-linux-x86-baselibs-20100915-r1: contains potential vulnerable libpng library
Summary: <app-emulation/emul-linux-x86-baselibs-20100915-r1: contains potential vulner...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: AMD64 Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://www.cvedetails.com/cve-details...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-09-01 13:29 UTC by Sven Vermeulen
Modified: 2014-12-12 01:09 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sven Vermeulen 2010-09-01 13:29:40 UTC
Package app-emulation/emul-linux-x86-baselibs-20100611 contains:
/usr/lib32/libpng14.so.14.2.0
/usr/lib32/libpng12.so.0

The libpng package has a potential vulnerability against these versions:
  libpng 1.4.2 -> CVE-2010-1205
  libpng 1.2.43 -> CVE-2010-1205

See also bug #324153

Reproducible: Always
Comment 1 Samuli Suominen gentoo-dev 2010-10-05 17:32:08 UTC
@security: 

This bug is fixed in current stable emul-linux-x86-baselibs-20100915-r1. There's nothing left to do here, except glsa vote(?)

ref:

$ strings /usr/lib32/libpng12.so.0  |grep "libpng version" | head -n 1
libpng version 1.2.44 - June 26, 2010
$ qfile -v libpng12.so.0
app-emulation/emul-linux-x86-baselibs-20100915-r1 (/usr/lib32/libpng12.so.0)
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-01-01 23:20:14 UTC
(In reply to comment #1)
> @security: 
> 
> This bug is fixed in current stable emul-linux-x86-baselibs-20100915-r1.
> There's nothing left to do here, except glsa vote(?)
> 

Thank you. I'd rate this as A2, which does not require a vote. GLSA request filed.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-12-12 01:09:02 UTC
This issue was resolved and addressed in
 GLSA 201412-11 at http://security.gentoo.org/glsa/glsa-201412-11.xml
by GLSA coordinator Sean Amoss (ackle).