From ${URL} : Buffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE, allowing remote attackers to cause DoS to application or have unspecified other impact. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8. Affected versions of libpng are before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19. Upstream patches: https://github.com/glennrp/libpng/commit/81f44665cce4cb1373f049a76f3904e981b7a766 https://github.com/glennrp/libpng/commit/a901eb3ce6087e0afeef988247f1a1aa208cb54d https://github.com/glennrp/libpng/commit/1bef8e97995c33123665582e57d3ed40b57d5978 https://github.com/glennrp/libpng/commit/83f4c735c88e7f451541c1528d8043c31ba3b466 CVE assignment: http://seclists.org/oss-sec/2015/q4/264 @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Arches please test and mark stable the following versions: =media-libs/libpng-1.2.54: ~alpha amd64 ~arm arm64 ~hppa ~ia64 m68k ~mips ~ppc64 s390 sh ~sparc x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux =media-libs/libpng-1.5.24: ~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt =media-libs/libpng-1.6.19: alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt
amd64 stable
x86 stable
(In reply to Lars Wendler (Polynomial-C) from comment #1) > Arches please test and mark stable the following versions: > > =media-libs/libpng-1.2.54: > ~alpha amd64 ~arm arm64 ~hppa ~ia64 m68k ~mips ~ppc64 s390 sh ~sparc x86 > ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux Most of these have no stable keywords on this SLOT. > =media-libs/libpng-1.5.24: > ~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh > ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd > ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos > ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris > ~x86-solaris ~x86-winnt Most of these have no stable keywords on this SLOT. > =media-libs/libpng-1.6.19: > alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 > ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd > ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos > ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris > ~x86-solaris ~x86-winnt This is probably the SLOT you want those stable keywords on.
Stable for PPC64.
Stable for HPPA.
alpha stable
ia64 stable
ppc stable
arm stable
Ping on sparc stabilization, only one holding this down. At the same time filing for glsa so can write it up.
sparc stable
Arches, Thank you for your work. Maintainer(s), please drop the vulnerable version(s).
It has been 30 days since last request. Maintainer(s), please drop the vulnerable version(s).
Please cleanup version: 1.6.18
Thanks for the report. re: http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d936b8ae0be80754a7474c38768356b2850079e9
This issue was resolved and addressed in GLSA 201611-08 at https://security.gentoo.org/glsa/201611-08 by GLSA coordinator Aaron Bauman (b-man).
