See http://www.openwall.com/lists/oss-security/2016/04/04/2 and http://optipng.sourceforge.net/ According to the optipng page there are two different vulns, but I haven't seen a public announcement or advisory for the second. There seems to be another vuln in the gif code that was already backported in gentoo in bug #561882. Anyway, please bump to 0.7.6.
(In reply to Hanno Boeck from comment #0)
> Anyway, please bump to 0.7.6.

Bumped. https://github.com/gentoo/gentoo/commit/db5868a52221a1dfda5156f7f3ea4fd823a1ee9d
Can we start stabilizing?
No objections from my side.
Stable for PPC64.
amd64 stable
x86 stable
CVE-2016-2191 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2191): The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.
Added to existing GLSA request. @ppc, ping.
CVE-2016-3982 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3982): Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

CVE-2016-3981 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3981): Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.
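The three CVEs above all concern the BMP RLE4 reader: a delta escape or a pixel run whose length is taken from the file and not checked against the remaining row or bitmap turns into an out-of-bounds write. The decoder below is an added illustration of the checks such a reader needs, written for this thread; it is not OptiPNG's bmp_rle4_fread or bmp_read_rows, and the sample streams are constructed here, not taken from any real file. It decodes the standard BI_RLE4 encoding (encoded runs, end-of-line, end-of-bitmap, delta escapes, absolute runs padded to 16 bits) into a one-byte-per-pixel index buffer and rejects any escape or run that would leave the bitmap.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Decode a BI_RLE4 pixel stream into dst[width*height] (one palette index per
 * byte, row-major).  Returns 0 on success, -1 on truncated input or on any run
 * or delta escape that would write outside the bitmap.  Illustrative code for
 * this bug thread, not OptiPNG's own reader. */
int rle4_decode(const uint8_t *src, size_t srclen,
                uint8_t *dst, size_t width, size_t height)
{
    size_t x = 0, y = 0, i = 0;
    memset(dst, 0, width * height);

    while (i + 2 <= srclen) {
        uint8_t count = src[i++];
        uint8_t val   = src[i++];

        if (count > 0) {
            /* Encoded mode: 'count' pixels alternating the two nibbles of
             * 'val'.  The run must fit in the remainder of the current row. */
            if (y >= height || count > width - x)
                return -1;
            for (size_t k = 0; k < count; k++)
                dst[y * width + x++] = (k & 1) ? (val & 0x0F) : (val >> 4);
            continue;
        }

        switch (val) {
        case 0:                         /* end of line */
            x = 0;
            if (++y > height)
                return -1;
            break;
        case 1:                         /* end of bitmap */
            return 0;
        case 2: {                       /* delta escape: dx, dy follow */
            if (i + 2 > srclen)
                return -1;
            uint8_t dx = src[i++], dy = src[i++];
            /* The jump target must still be inside the bitmap; without this
             * check a crafted (dx, dy) moves the write cursor past the buffer. */
            if (y >= height || dx > width - x || dy >= height - y)
                return -1;
            x += dx;
            y += dy;
            break;
        }
        default: {                      /* absolute mode: 'val' literal pixels */
            size_t n = val;
            /* ceil(n / 2) data bytes, padded to a 16-bit boundary */
            size_t nbytes = ((n + 1) / 2 + 1) & ~(size_t)1;
            if (i + nbytes > srclen)          /* source must hold the run   */
                return -1;
            if (y >= height || n > width - x) /* and it must fit in the row */
                return -1;
            for (size_t k = 0; k < n; k++) {
                uint8_t b = src[i + k / 2];
                dst[y * width + x++] = (k & 1) ? (b & 0x0F) : (b >> 4);
            }
            i += nbytes;
            break;
        }
        }
    }
    return -1;  /* stream ended without an end-of-bitmap escape */
}

/* Constructed sample streams for a 6x2 bitmap (made up for this example). */
#define W 6
#define H 2

/* Well-formed: encoded run, absolute run, end of line, in-range delta, run, end. */
int demo_well_formed(void)
{
    static const uint8_t s[] = { 0x02, 0x12,  0x00, 0x03, 0x3A, 0x40,  0x00, 0x00,
                                 0x00, 0x02, 0x02, 0x00,  0x01, 0x50,  0x00, 0x01 };
    static const uint8_t expect[W * H] = { 1, 2, 3, 10, 4, 0,  0, 0, 5, 0, 0, 0 };
    uint8_t out[W * H];
    if (rle4_decode(s, sizeof s, out, W, H) != 0) return -1;
    return memcmp(out, expect, sizeof out) == 0 ? 0 : -2;
}

/* Delta escape that jumps five rows down in a two-row bitmap: rejected. */
int demo_delta_out_of_range(void)
{
    static const uint8_t s[] = { 0x00, 0x02, 0x02, 0x05,  0x01, 0x10,  0x00, 0x01 };
    uint8_t out[W * H];
    return rle4_decode(s, sizeof s, out, W, H);
}

/* Run of seven pixels on a six-pixel-wide row: rejected. */
int demo_run_too_long(void)
{
    static const uint8_t s[] = { 0x07, 0x11,  0x00, 0x01 };
    uint8_t out[W * H];
    return rle4_decode(s, sizeof s, out, W, H);
}

int main(void)
{
    printf("well-formed: %d, delta out of range: %d, run too long: %d\n",
           demo_well_formed(), demo_delta_out_of_range(), demo_run_too_long());
    return 0;
}
```

The two rejected streams are exactly the shapes the CVE text names: a delta escape whose (dx, dy) lands outside the bitmap, and a run count larger than the space left in the row. A decoder that applies the delta or copies the run before making those comparisons writes past the row buffer, which is the invalid write the advisories describe.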
ppc stable. Maintainer(s), please cleanup.
(In reply to Agostino Sarubbo from comment #10)
> Maintainer(s), please cleanup.

Done https://github.com/gentoo/gentoo/commit/4d09b54143ce2beaa1bf7cb65f700fd2e16db6c9
This issue was resolved and addressed in GLSA 201608-01 at https://security.gentoo.org/glsa/201608-01 by GLSA coordinator Yury German (BlueKnight).